Joined  at  the  switch 

“Unified”  wireless/wired  LAN  switches  are  making 
wireless  a  standard  feature  of  wired  infrastructure. 

PAGE  8. 


Morphing  the  data  center 

Linking  key  data  center  equipment  to  high-speed 
pipes,  sometimes  leaves  Ethernet  wanting. 

PAGE  22. 


Retailers  rev  up  networks 

Radio  frequency  identification  and  data  analytics 
are  improving  store  operations. 

PAGE  10. 
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Are  all  rootkits  evil? 

Settlement  in  Sony  CD  case  resurrects  old  debate. 

BY  ELLEN  MESSMER 

When  a  security 

researcher  late  last 
year  discovered 
Sony  was  using  hidden 
software-cloaking  and 
monitoring  techniques  to 
protect  copyrights  on  its 
music  CDs,  public  back¬ 
lash  prompted  lawsuits 
against  the  company  and 
a  debate  ensued  about 
using  “rootkits"  in  commer¬ 
cial  software. 

The  lawsuits  wound  down  last  week  with  a  court-ordered  set¬ 
tlement  that  has  Sony  BMG  Music  Entertainment  offering  $7.50 
and  a  free  album  download  to  those  who  bought  any  of  the  15 
million  rootkit-infested  CDs  it  sold.  But  the  broader  rootkit 
debate  seems  far  from  over. 

See  Rootkit,  page  52 


COLIN  JOHNSON 


FEMA  CIO  Barry  West 
talks  about  emergency 
preparedness  post-Katrina. 
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Microsoft  to  let  users 
lead  Longhorn  forward 


BY  JOHN  FONTANA 

SEATTLE  —  Microsoft  plans  this  summer  to  offer 
special  licenses  to  users  who  want  to  run  the  Beta  2 
version  of  the  Longhorn  Server  operating  system  in 
specific  roles  within  their  networks. 

The  company  said  last  week  at  its  annual  Windows 
Hardware  Engineering  Conference  that  it  would 
offer  Go  Live  licenses  for  Longhorn  Server  Beta  2  to 
subscribers  of  the  Microsoft  Developer  Network  and 
TechNet.  The  licenses  would  let  those  users  run 
Longhorn  Server  Beta  2  and  Internet  Information 
Server  (IIS)  7.0  in  production.  (Microsoft’s  beta 
licenses  usually  forbid  testers  from  running  the  code 
in  production  environments.) 

The  company  also  detailed  hardware  error-check¬ 
ing  features  and  security  features,  and  said  Longhorn 


would  have  a  Beta  3  early  next  year.  It  did  not  say 
how  the  Go  Live  licenses  would  be  constructed  or 
what  the  cost  would  be, but  it  plans  to  restrict  the  roll¬ 
outs  to  certain  server  functions  or  roles. 

Microsoft  is  attacking  the  server  operating  system 
market  from  bottom  to  top  with  versions  of  Long¬ 
horn  designed  for  everything  from  small  businesses 
to  data  center  deployments.  The  company  says  it 
hopes  Longhorn  will  help  continue  15  consecutive 
quarters  of  revenue  growth  in  its  server  and  tools 
business. 

Longhorn  has  a  new  feature  called  Server  Manager 
that  lets  administrators  configure  servers  with  only 
the  components  they  need  for  specific  tasks, such  as 
file  servicing,  Web  serving,  DNS  or  DHCP  Server 

See  WinHEC,  page  14 


Layer  2  YPN  services 
not  ready  to  fly  solo 

BY  JIM  DUFFY 

NEWYORK  — There’s  plenty  of  buzz  about  Layer  2  VPN  ser¬ 
vices,  especially  those  that  boast  the  familiarity  of  Ethernet 
and  the  scalability  of  MPLS.  But  enterprises  at  last  week’s 
MPLScon  2006  conference  said  Layer  2  services  aren’t  yet 
mature  enough  to  support  demanding  service-oriented 
application  architectures,  such  as  those  used  for  large-scale 
multicasts  and  utility  computing. 

What’s  more,  major  service  providers  still  have  not  rolled 
out  offerings  such  as  Layer  2  Virtual  Private  LAN  Services 
(VPLS)  on  a  broad  scale  (see  graphic,  page  16). Verizon,  for 
example,  has  3,000  customers  for  its  Layer  3  Private  IP  VPN 
service  yet  doesn’t  plan  to  have  its  VPLS  service  out  for 
about  another  year. 

All  of  which  helps  to  explain  why  IT  executives  at  last 
weeks  event  mainly  talked  about  their  Layer  3  MPLS  net¬ 
works,  referring  to  Layer  2  VPN  services  in  the  future  tense 
and  as  complementary  to  Layer  3  offerings. 

Boeing  uses  a  Layer  3  MPLS  VPN  to  support  multicasts  to  vir¬ 
tual  workgroups  among  its  165,000  employees  in  62  countries, 
said  Douglas  Hill,  associate  technical  fellow  at  the  aerospace 

See  MPLS,  page  16 
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YOUR  NETWORK  APPLICATION 
IS  A  CHEETAH. 

ON  EIGHTEEN  CUPS  OF  COFFEE. 
ABOARD  A  ROCKET. 

IN  A  HURRY. 


OVERACHIEVE. 


F5  will  make  your  network  applications  scream  with  speed.  65%  faster  on 
average.  At  the  same  time,  ensuring  absolute  security  and  availability. 

The  F5  mission  is  to  make  your  applications  do  what  they  were  designed  to  do:  perform. 

More  than  9,000  organizations  around  the  world  overachieve  with  F5  Networks.  Can  yours? 

THE  WORLD  RUNS  BETTER  WITH  F5 
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OVER  50%  OF  ALL  DATA  BREACHES  COME  FROM  INSIDE  THE  PERIMETER. 
WHAT  WILL  IT  TAKE  FOR  YOU  TO  PROTECT  YOUR  ENTERPRISE? 


If  your  data  could  talk,  you’d  get  an  earful.  It  would  tell  you  that  its  value  on  the  open  market  has  sky-rocketed.  And  a  data 
breach  from  inside  the  perimeter  might  be  just  around  the  corner.  If  it  happens,  it  could  cost  millions.  Not  to  mention  reputations. 

TM  TM 

That’s  why  there's  EpiForce  from  Apani  Networks  .  It’s  built  from  the  ground  up  to  secure  data  inside  the  perimeter. 
No  matter  what  platforms  you're  using.  Which  is  good  news  for  your  enterprise.  And  better  news  for  you.  A _  ♦  ™ 

Apani 

To  learn  more  about  securing  inside  the  network  perimeter,  get  a  free  copy  of  "The  Definitive  Guide  to  Security  Inside 
the  Perimeter"  from  Realtimepublishers.  sponsored  by  Apani  Networks.  Go  to  www.apani.com/nwguide 
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IT  execs  such  as  Ugur  Usumi,  IT 
director  at  a  global  training  firm, 
are  deploying  VoIP  to  save  money 
and  improve  productivity  In  this 
package  of  stories, six  IT  execs  share 
their  VoIP  rollout  experiences  and 
offer  tips  for  avoiding  the  pitfalls. 
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House  panel  passes  ‘neutrality'  bill 

■  A  U.S.  House  of  Representatives  committee  has  approved  a  bill  that  would  prohib¬ 
it  broadband  providers  from  blocking  or  impairing  their  customers’  access  to  Web 
content  offered  by  competitors.The  House  Judiciary  Committee  voted  20-13  to 
approve  the  bill,  called  the  Internet  Freedom  and  Nondiscrimination  Act. Some 


TheGoodTheBadTheUgly 

SAP  gets  polite.  Asked  by  the  IDG  News  Service  about  how 
his  company  plans  to  compete  against  and  partner  with  Microsoft,  SAP 
President  of  Product  and  Technology  Group  Shai  Agassi  replied:  “We 
will  compete  like  gentlemen.  Well  come  in  with  swords,  not  bombs  and 
guns,  and  fence.  We  intend  to  win,  period.  We  don't  intend  to  give  the 
SMB  market  to  Microsoft." 


committee  members  said  they  had  questions  about  the  bills  use  of  a  1914  antitrust 
law  to  enforce  network  neutrality  but  many  decided  to  support  the 
bill  after  the  House  Energy  and  Commerce  Committee  in  April 
approved  a  different,  wide-ranging  telecom  reform  bill  that  does  not 
have  strong  antiblocking  rules.The  Energy  and  Commerce  Committee 
bill  gives  that  committee  the  sole  jurisdiction  for  resolving  content¬ 
blocking  disputes,  and  several  members  of  the  House  Judiciary 
Committee  said  that  bill  would  take  away  their  oversight  of  communi¬ 
cation  antitrust  issues. 


Treasury  scuttles  phone  tax 

■  The  U.S.  Treasury  Department  last  week  abolished 
a  tax  law  in  a  move  that  will  likely  result  in  multimil- 
lion-dollar  refunds  for  business  users.  Many  business 
users  started  filing  for  refunds  as  long  as  three  years 
ago,  as  the  government  debated  this  issue  and  it  was 
dragged  through  litigation.  The  federal  excise  tax  of 
3%  on  all  long-distance  calls  had  been  on  the  books 
since  1898.  According  to  the  Treasury  Department,  the 
Internal  Revenue  Service  will  issue  refunds  to  con¬ 
sumers  and  business  customers  for  taxes  paid  over 
the  past  three  years  in  their  2006  filings.The  Treasury 
says  that  due  to  the  statue  of  limitations,  refunds  filed 
today  can  only  cover  the  past  three  years.  According 
to  the  Treasury  Department,  the  excise  tax  was  origi¬ 
nally  established  as  a  luxury  tax  on  wealthy 
Americans  who  owned  telephones. 

Sprint  sues  IBM  over  outsourcing 

■  Sprint  is  suing  IBM  over  what  the  carrier  calls  a 
botched  outsourcing  contract.  Sprint  signed  on  with 
IBM  in  2004  with  a  five-year  contract  that  Sprint 
expected  to  save  $550  million  in  customer-service 
cost  reductions  over  three  years.  Sprint  now  says  the 

COMPENDIUM 

Location  is  everything 

John  Newton  of  Alfresco,  which  makes  an 
open  source  content  management  system, 
describes  why  his  booth  got  such  good  traf¬ 
fic  at  a  recent  conference:  It  was  on  the  way 
to  the  restrooms.  Read  more  at 
www.nvvrfocfinder.com/3643. 
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“It’s  rather  attractive  to  be  able 
to  collect  tax  revenue  from 
non-voting  nonresidents.The 
Supreme  Court’s  silence  really 
dealt  a  very  serious  blow  to  the 
movement  to  expand  the  use  of 
telework.” 

Attorney  Nicole  Belson  Goluboff,  discussing  the  Supreme  Court's 
refusal  to  curb  state  tax  laws  that  discourage  telework. 

See  story  at  www.nwdocfinder.com/3654 

deal  cost  the  company,  and  claims  IBM  owes  it  at 
least  $6.4  million  for  119,000  hours  of  uncompleted 
work.  In  a  lawsuit  filed  this  week  in  U.S.  District  Court 
in  Kansas,  Sprint/United  Management  —  a  sub¬ 
sidiary  of  Sprint  Nextel  —  said  IBM  didn’t  provide 
“contractually  promised  productivity  improvements 
for  2005.”  IBM,  according  to  court  documents,  said 
Sprint  is  using  an  incomplete  formula  for  measuring 
productivity  and  the  amount  of  hours  owed.  An  IBM 
spokesman  declined  to  comment  on  the  suit,  accord¬ 
ing  to  an  Associated  Press  report. 

Hummingbird  to  be  acquired 

■  Enterprise  software  developer  Hummingbird  has 
agreed  to  be  purchased  by  holding  company 
Symphony  Technology  Group  in  a  deal  valued  at 
$465  million. Toronto-based  Hummingbird  develops 
content  management  software  that  helps  organiza- 


Piracy  takes  chunk  out  of  U.S.  software. 

The  Business  Software  Alliance  last  week  shared  results  from  its  annu¬ 
al  PC  software  piracy  study,  which  found  that  about  a 
third  of  all  packaged  software  installed  on  PCs  worldwide 
last  year  was  illegal,  costing  software  companies  an  esti¬ 
mated  $34  billion.  While  the  United  States  had  the  lowest 
piracy  rate  of  countries  studied,  at  21%,  it  also  had  the 
greatest  losses,  at  S6.9  billion. 

<  Badware  Hall  of  Shame  mem¬ 
bership  grows.  StopBadware.org,  the  organi¬ 
zation  dedicated  to  highlighting  software  that  consumers 
might  prefer  to  avoid,  last  week  added  another  round  of 
software  programs  to  its  Badware  Watch  List.  The  latest  inductees 
include  FunCade,  a  gaming  application  that  comes  bundled  with  BullsEye 
and  NaviSearch,  and  Team  Taylor  Made’s  "Jessica  Simpson 
Screensaver." 


tions  manage  documents,  records,  correspondence 
and  contracts.  A  third  party,  Tennenbaum  Capital 
Partners,  will  invest  $135  million  to  help  finance  the 
transaction.  Hummingbird  says  the  deal  will  gener¬ 
ate  immediate  cash  that  will  let  it  continue  to  focus 
on  its  mission  of  offering  ECM  and  connectivity 
products.The  company  reported  a  $4.9  million  prof¬ 
it  in  its  second  quarter.  Hummingbird  competes  with 
other  ECM  developers,  including  Interwoven,  IBM, 
EMC  and  FileNet.  Symphony  Technology  Group 
owns  several  companies,  including  Information 
Resources  and  Gers. 

Dell  opts  for  Google  home  page 

■  When  consumers  boot  up  their  new  Dell  desktops 
and  notebooks  next  week,  they  will  find  a  Google 
home  page  and  search  tools  —  not  the  familiar 
Microsoft  versions  —  the  world’s  largest  PC  vendor 
confirmed  last  week.  Dell  will  factory-install  the 
Google  desktop,  toolbar,  search  engine  and  home 
page  on  desktops  and  notebooks  shipping  to  con¬ 
sumers  and  small  and  midsize  businesses  world¬ 
wide.  It  also  will  be  installed  on  certain  enterprise 
systems,  unless  a  company  specifies  its  own  corpo¬ 
rate  software  tools.  Dell  plans  to  begin  shipping  the 
new  configuration  by  the  end  of  May.  Google  CEO 
Eric  Schmidt  confirmed  the  deal  on  Thursday  at  a 
Goldman  Sachs  Group  conference.  “Dell  is  the  pio¬ 
neer  in  this.  They’ve  figured  out  a  way  to  work  with 
other  partners  to  essentially  fill  out  the  Windows  plat¬ 
form,”  he  said.  “Windows  lacks  certain  features,  and 
Dell  figured  out  a  way  to  add  them.”  The  Microsoft 
versions  of  those  tools  will  still  be  installed  on  the 
PCs,  but  they  will  not  boot  up  automatically  unless 
users  changes  their  default  settings. 
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O-Link  switch  marks  shift  in  WLANs 


Making  wireless  part  of  the  wired  infrastructure  will  create  one  network  that’s  easier  to  deploy  and  manage. 


Merging  wireless  and  wired  nets 

New  silicon  and  advanced  software  promise  to  create  one  LAN  switch  handling  wired  and 
wireless  traffic.  Still  needed  are  unified  security,  net  management  and  a  services  model. 
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Software  stacks  handle: 

•  Access  point  control 

•  Radio  frequency  management 

•  Authentication 

•  Security 

•  Roaming 


BY  JOHN  COX 

D-Link’s  upcoming  announce¬ 
ment  of  a  trio  of  unified  wire¬ 
less/wired  LAN  switches  is  the 
start  of  a  major  shift  in  the  way 
wireless  LANs  will  be  deployed. 

New  silicon  and  software  make 
it  possible  for  Ethernet  switches  to 
process  both  802.11  and  802.3 
packets,  and  deliver  services 
unique  to  wireless  traffic,  such  as 
radio  frequency  management 
and  roaming  across  access 
points.  Wireless  is  poised  to  be¬ 
come  a  standard  feature  of  the 
wired  infrastructure,  rather  than  a 
separate  network,  according  to 
analysts  and  vendors. 

Because  the  two  networks  are 
collapsed  into  one  that  supports 
wired  and  wireless  access,  the  uni¬ 
fied  network  promises  to  be  easier 
to  deploy  simpler  to  run  and  man¬ 
age,  and  lower  in  total  cost  of  own¬ 
ership  compared  with  WLANs  that 
have  separate  switches  and  man¬ 
agement  systems,  according  to 
analysts. 

“We  have  seen  the  cost  of  end¬ 
point  silicon  and  access  points 
collapse,”  says  Bob  Egan,  director 
of  emergent  technologies  for 
Tower  Group.  “But  the  infrastruc¬ 
ture  costs  associated  with  WLANs 
has  just  skyrocketed.  Now  people 
are  finally  starting  to  address  the 
core  infrastructure,  where  the  key 
cost  issues  are.” 

Creating  a  unified  network 

Equipment  makers  face  a  range 
of  choices  on  how  to  integrate 
wireless  to  create  a  unified  net¬ 
work.  D-Links  new  product  is  a 
case  in  point. 

There  are  three  D-Link  models, 
all  Layer  2,  stackable  Gigabit 
Ethernet  switches.  One  model  has 
24  ports,  a  second  48,  a  third  has 
24  ports  with  Fbwer  over  Ethernet. 
Importantly  the  switch  supports 
the  802. IX  port-based  authentica¬ 
tion  standard,  which  increasingly 
is  being  used  for  wired  as  well  as 
wireless  clients. 

But  all  also  support  the  full 
range  of  expected  wireless  fea¬ 
tures  and  standards,  such  as  wire¬ 
less  roaming  between  access 
points  and  switches,  centralized 
access  point  management,  radio 
frequency  management,  rogue 
access  point  detection  and  con¬ 
tainment,  and  for  security,  the 


802.1  li-based  Wi-Fi  Protected 
Access  and  WPA2  specifications, 
as  well  as  the  older  Wired  Equiv¬ 
alent  Privacy  specification. 

The  switches  come  with  a 
license  bundle  for  10  companion 
D-Link  access  points,  which  can 
be  upgraded  to  25  per  switch. 

The  companion  access  points 
are  key  to  D-Link’s  implementa¬ 
tion.  The  wireless  functions  are 
handled  by  software  licensed 
from  NextHop  (IP  Infusion  is 
another  software  maker  in  this 
market). 

Part  of  the  code  runs  on  the 
switch  and  part  on  the  access 
point,  where  the  translation  be¬ 
tween  802.11  and  802.3  takes 
place.  The  access  point  sends 
pure  802.3  Ethernet  packets  back 
to  the  Layer  2  switch  for  process- 
ing.That  processing  is  handled  by 
a  switch  processor  from  Marvell, 
with  the  NextHop  software,  on  a 
separate  host  processor,  control¬ 
ling  wireless  authentication,  secu¬ 
rity  and  management  functions, 
and  coordinating  with  the  Next- 
Hop  code  on  the  access  point  for 
radio  frequency  management, 
load  balancing  and  other  jobs. 

Jennifer  Wu,  D-Link  product 
manager,  wasn’t  specific  about 
future  products,  but  she  made  it 
clear  that  D-Link  intends  to  ex¬ 
ploit  a  new  generation  of  switch 
silicon  that  will  support  Layer  3 
routing  and  handle  both  802.11 
and  802.3  data  packets  in  the 
switch  itself,  instead  of  in  the  ac¬ 
cess  point.  Such  a  device  “offers 
more  security  and  can  process 
packets  faster,”  she  says. 

Those  new  chips  are  being  cre¬ 


ated  by  start-ups  such  as  SiNett  as 
well  as  established  chip  makers 
such  as  Broadcom  and  Marvell. 
The  new  chips  incorporate  more 
logic  to  process  the  802.11  data 
packets  along  with  the  standard 
Ethernet  packets. 

“To  me, ‘unified’  means  all  pack¬ 
ets  are  centrally  processed  by  the 
switching  processor  in  their  native 
format,”  says  Shrikant  Sathe,  SiNett 
co-founder  and  vice  president  of 
marketing  and  operations.  “The 
switching  silicon  sorts  these 
[packets]  out  and  then  does  the 
right  thing  with  them.” 

Such  an  approach  gives  the 
switch  full  visibility  into  all  the  in¬ 
formation  contained  in  the  wire¬ 
less  packets,  he  says.  Among  other 
things,  that  visibility  makes  it  easi¬ 
er  for  intrusion  detection/preven¬ 
tion  systems  to  deal  with  wireless 
traffic. 

He  says  this  native  processing  of 
wireless  packets  will  become 
even  more  critical  when  802.1  In, 
which  promises  wireless  through¬ 
put  of  better  than  150Mbps,  is  im¬ 
plemented  in  products  in  late 
2007  or  2008.“These  [other]  archi¬ 
tectures  will  dead-end, ’’Sathe  says. 
“When  802.1  In  hits  the  market, 
you  will  run  into  limitations  in 
terms  of  supporting  large  num¬ 
bers  of  802. 1  In  access  points.” 

Not  everyone  agrees. 

“1  find  it  ironic  that  a  vendor 
would  claim  this  is  the  only  scal¬ 
able  approach,  because  the 
speeds/feeds  demands  on  [exist¬ 
ing]  wired  infrastructure  is  orders 
of  magnitude  greater  than  802. 1 1 , 
even  with  the  introduction  of 
802.1  In  in  2008,” says  Pat  Calhoun, 


CTO  for  Cisco’s  Wireless  Business 
Unit.  “Cisco  looked  at  many  chip- 
set  vendors  that  are  building  inte¬ 
grated  wired  and  wireless  chip- 
sets.  We  found  time  and  again  that 
these  vendors  had  nothing  above 
and  beyond  what  Cisco  already 
has.  We  looked  at  SiNett,  and  I’ll 
leave  it  at  that.” 

Calhoun  argues  that  the  real 
value  of  a  unified  wireless/wired 
LAN  lies  not  in  the  data  process¬ 
ing  plane  but  in  the  control  plane: 
in  a  common  set  of  policies  for 
authentication,  security  and  man¬ 
agement,  which  can  be  applied  to 
any  client. 

Cisco  last  year  introduced  the 
Wireless  Services  Module  for  the 
Catalyst  6500  switch.  The  module 
is,  in  essence,  a  WLAN  switch  that 
draws  power  from  the  6500  chas¬ 
sis,  uses  the  6500  backplane  and, 
most  importantly  can  make  use  of 
other  modules  in  the  same  chas¬ 
sis,  such  as  a  firewall,  or  the  Cisco 
Secure  Access  Control  Server. 
“Translating  802.11  into  802.3  is  a 
well-known  science,”  Calhoun 
says.  “Once  you  do  that,  you  want 
to  leverage  the  common  infra¬ 


structure  you’ve  set  up  for  your 
networks.” 

That  means  tying  into  the  back¬ 
end  management  and  authentica¬ 
tion  systems  and  the  various  net¬ 
work  services.  Asked  to  be  specif¬ 
ic, Calhoun  hesitates.'A  lot  of  inno¬ 
vation  still  needs  to  be  done,”  he 
says.  “Especially  on  the  manage¬ 
ment  side.That  s  an  area  where  we 
will  be  innovating  a  lot  more.” 

“You  need  one  single  manage¬ 
ment  interface,”  D-Link’s  Wu 
agrees.  D-Link’s  new  switches  have 
that,  she  says.  “But  hardware 
[design]  is  important.  It  can  shift 
functions  to  the  switch  silicon, 
which  is  simpler  and  cheaper. 
[Unification]  cannot  all  be  soft- 
ware-based.” 

In  the  end,  these  apparent  dif¬ 
ferences  may  not  be  substantive. 
“I  define  a  unified  switch  in  the 
enterprise  context  as  ‘no  sepa¬ 
rate  wireless  switch,”’  says  Craig 
Mathias,  principal  for  Farpoint 
Group.  “You  plug  something  into 
it,  and  the  switch  figures  out 
what  it  is  and  how  it  should  be 
treated.” 

Next-generation  silicon  from 
companies  such  as  SiNett  will  be¬ 
come  the  standard  hardware  for 
such  switches,  even  as  the  key  dif¬ 
ferentiators  are  implemented  in 
software,  ranging  from  the  chip 
level  to  the  application  level. 

Enterprise  network  executives 
should  be  talking  with  their  net¬ 
work  vendors  about  the  migration 
strategy  to  unified  switches,  about 
the  road  map  to  bring  wired  and 
wireless  security  together,  and 
about  switch  capacities  in  the 
future, Tower  Group’s  Egan  says. 

“Unifying  management  and 
security  is  going  to  define  the  win¬ 
ners  and  losers  [among  vendors] 
here,”  he  says.  “They  all  have  to 
address  this.”B 
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USB  tokens  tighten  up  secure-WAN  links 

Start-ups  KoolSpan  and  Sweetspot  combine  two-factor  authentication  and  encryption. 


BY  TIM  GREENE 

The  latest  additions  to  corporate 
secure-WAN  toolkits  are  USB 
tokens  that  authenticate  and  en¬ 
crypt  traffic,  tighten  security  and 
make  it  simpler  for  users  to  make 
connections  vs.  using  standard 
VPN  technology 

Two  start-ups,  KoolSpan  and 
Sweetspot,  incorporate  two-factor 
authentication  via  their  tokens,  in¬ 
creasing  the  security  of  user 
authentication  as  well  as  encrypt¬ 
ing  traffic.ln  KoolSpan’s  case, once 
a  connection  is  made,  the  devices 
change  their  encryption  keys  for 
every  packet  sent,  further  boosting 
the  secrecy  of  the  data  sent. 

Alternatives  would  call  for  a  VPN 
plus  separate  two-factor  authenti¬ 
cation  such  as  RSA  Secure  ID 
tokens. 

KoolSpan’s  SecureEdge  gear 
consists  of  keys,  its  name  for  the 
tokens,  and  locks,  which  are  appli¬ 
ances  located  on  corporate  net¬ 
works  and  protected  from  the  In¬ 
ternet  by  firewalls. The  keys  and 
the  locks  have  embedded  smart 
cards  that  contribute  to  two-way, 
two-factor  authentication;  the 
devices  authenticate  to  each 
other  rather  than  just  the  remote 
device  authenticating  one-way  to 
a  central  server. 

Once  authenticated  to  each 
other,  the  devices  go  through  a 
process  to  connect  the  remote 
machine  via  a  Layer  2  Ethernet 
bridge  link  (see  graphic,  above). 
Traffic  across  this  bridge  is  en¬ 
crypted  using  256-bit  Advanced 
Encryption  Standard  (AES),  and 
the  encryption  key  is  changed  for 
every  packet  sent.  AES  traffic  over 
a  standard  IPsec  VPN  uses  the 
same  encryption  key  for  an  entire 
session. 

Packet-by-packet  key  changes 
ensure  that  even  if  traffic  is  inter¬ 
cepted  and  a  key  is  somehow 
compromised  —  which  would 
take  powerful  computing  re¬ 
sources  and  time  —  the  attacker 
would  get  only  one  packets  worth 
of  data  and  then  have  to  try  to 
guess  the  key  for  the  next  packet 
by  trying  multiple  possibilities, 
according  to  Nick  Selby,  enter¬ 
prise  security  analyst  for  The  451 
Group. “This  is  very  strong  encryp¬ 
tion,’ he  says. 

Sandy  Spring  Bank  of  Olney, 
Md.,  purchased  KoolSpan  devices 


because  they  are  simpler  to  use 
and  more  secure  than  the  alter¬ 
native  it  had  used  —  a  combina¬ 
tion  of  an  RSA  smart  card  token 
and  a  Cisco  VPN,  says  Curt  Purdy, 
information  security  officer  for 
the  bank. 

Unlike  RSA  tokens,  the  Kool¬ 
Span  keys  require  no  manual 
copying  of  passwords  from  the 
device  to  a  computer  screen. 
“There’s  no  fumbling  with  a  fob, 
looking  at  the  code  on  it  and  typ¬ 
ing  it  in  and  having  it  change 
halfway  through,"  he  says.“You  just 
stick  the  USB  key  into  the  laptop 
and  type  in  the  password.” 

Plus  RSA  tokens  require  a  sepa¬ 
rate  server  that  demands  adminis¬ 
trative  time  for  upgrades  as  well  as 
resultant  upgrades  to  the  bank’s 
RADIUS  server,  he  says.  KoolSpan’s 
gear  is  self-contained,  and  he  esti¬ 
mates  it  requires  2%  of  adminis- 
See  VPN,  page  52 


KoolSpan’s  token  technology 

KoolSpan  sets  up  secure  links  between  sites  or  between  remote  users  and  corporate  networks 
using  hardware  tokens  and  a  network  appliance  that  authenticates  users  and  encrypts  traffic 
over  a  Layer  2  bridge. 


Customer  installs  a  KoolSpan  Client  Driver  in  remote 
machines  that  authenticates  users  to  the  KoolSpan 
Lock  then  turns  the  connection  over  to  the  KoolSpan 
Key  token,  which  sets  up  a  two-way  encrypted 
bridge  to  the  corporate  network. 


KoolSpan 


Windows  XP 
or  2000  PC 
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A  single  User  Datagram  Protocol  port  is  left 
open  in  the  corporate  firewall  to  allow  KoolSpan 
Client  Driver  requests  to  the  KoolSpan  Lock. 
No  other  firewall  reconfiguration  is  needed. 


KoolSpan  Lock 
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KoolSpan  Lock  forwards  the  client's  media-connect 
packet  to  the  corporate  DHCP  server  and  the 
remote  machine  is  assigned  a  LAN  IP  address.  Once 
a  link  is  established,  KoolSpan  Lock  decrypts  traffic 
and  drops  it  directly  on  the  corporate  Ethernet  LAN. 
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Retailers  hone  data-handling  skills 

Business  intelligence,  RFID,  data  synchronization  technologies  improve  store  operations. 


IT  obstacles 


A  lack  of  skilled  people  is  the  biggest  barrier  to  improving 
corporate  efficiency,  according  to  300  retailers  surveyed  for 
the  latest  Retail  Technology  Study  conducted  by  Gartner  and 
RIS  News. 


Obstacles  to  efficiency* 


Insufficient  skills  or  people  resources:  53% 


Lack  of  analytical  tools  and  technology:  37% 


* 
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Inadequate  data  management  systems:  34% 


Legacy  hardware  and  software 
isn’t  being  replaced:  31% 

Legacy  technology  in  the  store:  24% 


More  than  one  response  allowed. 


BY  ANN  BEDNARZ 

CHICAGO  —  The  key  to  keeping 
stores  stocked  with  the  items  cus¬ 
tomers  want  is  good  information, 
and  retailers  are  doing  all  they 
can  to  keep  system  data  clean, 
accurate  and  accessible  to  their 
suppliers. 

To  facilitate  better  data  handling, 
retailers  are  tackling  projects  to 
improve  business  intelligence, 
allow  data  synchronization  with 
partners  and  apply  RFID  technol¬ 
ogy.  Early  adopters  shared  their 
stories  last  week  at  the  Retail 
Systems  show  in  Chicago. 

Among  them  was  AutoZone  CIO 
Ken  Brame,  who  talked  about  the 
analytics  platform  that  helps  the 
$6  billion  auto  parts  retailer  de¬ 
cide  which  items  to  stock  in  each 
of  its  3,700  stores. 

Millions  of  parts  are  available, 
but  the  average  AutoZone  store  can  only 
accommodate  22,000  items.  So  AutoZone  reg¬ 
ularly  crunches  25TB  of  data  —  including 
sales  history  and  vehicle  registration  informa¬ 
tion  organized  by  ZIP  code  —  to  determine 
which  parts  local  customers  are  likely  to 
need  based  on  the  cars  they  drive,  according 
to  Brame. 

To  give  the  stores  access  to  current  inven¬ 


tory  data,  Brame  bolstered  the  network  that 
links  AutoZone’s  stores  to  its  corporate 
offices  and  to  the  company’s  vendors.  He 
swapped  out  satellite  links  for  broadband 
connectivity  so  retail  staff  can  quickly  view 
inventory  at  nearby  stores,  distribution  cen¬ 
ters  and  partners’  salvage  yards  if  a  customer 
needs  a  part  that  isn’t  available  on-site. 
“Satellite  technology  is  very  good  for  things 


like  credit  card  transactions,  but 
with  the  kinds  of  data  we’re 
moving  back  and  forth  and 
checking,  we  needed  faster  turn¬ 
around,”  Brame  said. 

AutoZone  isn’t  alone  in  upping 
bandwidth  to  its  stores.  Accor¬ 
ding  to  research  released  at  the 
conference,  22%  of  retailers  have 
started  or  will  start  in  2006  a  pro¬ 
ject  to  outfit  stores  with  high¬ 
speed  connections. 

Network  infrastructure  projects, 
in  general,  are  a  top  priority  for 
retailers,  according  to  the  Retail 
Technology  Study  conducted  by 
Gartner  and  RIS  News  of  300  re¬ 
tailers.  One-third  of  retailers  sur¬ 
veyed  have  a  voice/data  conver¬ 
gence  project  in  the  works  or  due 
to  begin  this  year, and  27%  are  im¬ 
plementing  or  about  to  imple¬ 
ment  wireless  LANs. 

Also  on  retailers’  shopping  lists  are  tools  to 
assist  merchandising.  Almost  40%  of  respon¬ 
dents  plan  to  start  a  major  project  to  upgrade 
their  sales  forecasting  capabilities  this  year  or 
within  the  next  two  years.  Other  merchandis¬ 
ing-related  projects  due  to  be  launched  target 
assortment  planning  (37%), price  optimization 
(36%)  and  item  allocation  (34%). 

See  Retail,  page  12 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast  enough  to 
protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems.  Because  our  enterprise 
solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive  security  and  stop  threats  before  they 
impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 


Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules,  at  www.iss.net/proof  or  call  800-776-2362. 
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Retail 

continued  from  page  10 

The  survey  also  shows  that 
while  plans  to  implement  RFID 
technology  aren’t  as  solid  as 
other  IT  areas,  the  wireless  track¬ 
ing  technology  is  on  a  growing 
number  of  retailers’  radars. 
Gartner  found  4%  of  respon¬ 
dents  are  in  the  process  of  imple¬ 
menting  RFID  technology  and 
12%  plan  to  kick  off  projects  this 
year. 

Item-level  tagging  to  begin 

Best  Buy  is  one  of  the  domi¬ 
nant  retailers  helping  to  drive 
RFID  adoption.  CIO  Bob  Willett 
talked  about  an  emerging  appli¬ 
cation  for  RFID  in  retail  settings: 
item-level  tagging.  Much  of  the 
RFID  focus  in  the  world  of  retail 
and  consumer  goods  so  far  has 
been  on  tagging  cases  and  pal¬ 
lets  of  goods.  But  industry  watch¬ 
ers  agree,  item-level  RFID  tagging 
is  the  next  frontier. 

Best  Buy  recently  wrapped  up 
a  pilot  project  that  involved 
putting  RFID  tags  on  video 
games  destined  for  one  of  its 
Minneapolis  stores.  One  goal  was 
to  provide  better  inventory  infor¬ 
mation  so  sales  associates  could 
spend  more  time  helping  cus¬ 
tomers  and  less  time  stocking 
shelves  or  digging  for  merchant 
dise  in  the  back  room. 

It  worked,  Willett  said.  Staff 
spent  less  time  replenishing 
shelves  and  30%  more  time  on 
the  floor,  he  reported.  At  the 
same  time,  sales  of  RFID-tagged 
merchandise  rose  18.7%  and  on- 
shelf  product  availability  in¬ 
creased  from  between  80%  and 
88%  to  more  than  98%. 

Best  Buy  plans  to  extend  its 
pilot  to  50  stores,  Willett  said.  But 
he’s  holding  off  implementing 
item-level  tagging  across  all  Best 
Buy  stores  until  the  technology 
matures. 

Integration  between  RFID  pro¬ 
ducts  and  supply  chain  applica¬ 
tions  such  as  forecasting  and 
auto  replenishment  systems  isn’t 
complete, Willett  said.“We  would 
sign  up  now  to  do  the  entire 
chain  in  games,  music  and  DVDs 
if  the  capability  was  there.lt  isn’t 
there.  It  won’t  be  there  probably 
for  another  18  months  to  two 
years.”  ■ 

WIRELESS 

COMPUTING  DEVICES 

Subscribe  to  our  free  newsletter. 

DocFinder:1927  www.networkworld.com 


FEIWA  talks  up  its  IT  changes 


The  office  of  the  CIO  for  the 
Federal  Emergency  Manage¬ 
ment  Agency  has  made  several 
changes  in  the  past  year  to  bet¬ 
ter  communicate  with  state  and 
local  officials,  support  citizens 
who  need  assistance,  and  keep 
better  track  of  assets  such  as 
food  and  water.  Network  World  Senior  Editor  Denise 
Pappalardo  recently  spoke  with  FEMA  CIO  Barry  West  and 
Deputy  CIO  Jeanne  Etzell  about  some  of  these  changes. 
(West  is  about  to  make  a  career  change  as  he  heads  over 
to  the  Department  of  Commerce  to  become  its  CIO.) 


gram  called  Internet  Cafe  where  we  have  modified  mobile 
homes  to  have  20  PCs  and  20  telephones. They  will  be  moving 
around  in  the  disaster  theatre. Victims  will  be  able  to  register 
themselves  from  these  units. 

What  type  of  wireless  technology  is  being  used? 

Etzell:  Satellite  Internet  access.  We  have  about  five  vehicles  that 
we  are  piloting  this  season.  And  then  we’ll  make  a  decision  for 
next  season  if  we’ll  expand  or  not.These  units  are  in  addition  to 
our  55  MDRCs  that  are  directly  connected  to  FEMAs  network. 

What  other  technology  changes  have  occurred  in  the  past  year? 

West:  We’ve  just  about  99%  completed  our  new  network  at 
FEMA,  which  will  make  us  IPv6  ready  from  a  hardware  perspective. 
We  will  still  need  to  go  back  and  look  at  some  of  our  software  that 
is  hard-coded  with  IP  addresses  that  we’ll  have  to  change. 


What  are  some  of  the  changes  in  your  department  that  make  FEMA  bet¬ 
ter  equipped  to  aid  in  future  disasters? 

West:  There’s  a  lot  that  has  happened  since  last  hurricane  sea¬ 
son.  What  we’ve  done  is  gone  back  and  look  at  our  core  systems 
that  we  used  and  significantly  enhanced  those  systems.  One 
example  is  NEMIS,  the  National  Emergency  Management 
Information  System. This  system  processes  all  disaster  victim 
claims  for  issuance  of  checks  for  aid.  We’ve  gone  back  and  made 
this  system  more  robust  using  the  latest  and  greatest  from  Oracle. 
And  we’ve  moved  applications  that  were  running  on  Microsoft  to 
Linux.The  system  does  a  lot  of  replication.  We  have  been  able  to 
take  advantage  of  some  of  the  Web  services  features  that  don’t 
require  as  much  transfer  of  data. 

How  will  the  upgrade  better  support  disaster  victims? 

West:  NEMIS  was  originally  designed  to  support  20,000  to 
25,000  applications  daily.  During  [Hurricane]  Katrina  the  system 
was  stretched  to  support  nearly  1 10,000  applications  daily  Going 
into  this  hurricane  season  we’re  trying  to  make  it  more  robust. 

Etzell:  We’re  trying  to  process  200,000  registrations  per  day  in 
addition  to  the  normal  caseload  activities  that  occur  at  the  call 
centers.  What  we’re  testing  right  now  is  putting  a  load  on  the 
application  to  simulate  the  call  center  load  plus  200,000  transac¬ 
tions  in  a  24-hour  period.  Our  results  look  positive,  but  we  have 
an  independent  test  firm  coming  in  to  test  and  get  me  the 
specifics. ...  By  upgrading  to  the  new  Oracle  cluster  servers  and 
grid  environment  we  have  been  able  to  eliminate  some  replica¬ 
tion  that  shut  down  the  system  for  backup. 

There  were  reports  post-Katrina  that  some  citizens  had  to  return 
checks  to  FEMA.  What  has  been  done  to  minimize  fraud? 

West:  We’re  now  using  ChoicePoint  for  all  registrations.  It’s  a  ser¬ 
vice  that  verifies  and  authenticates  data  against  an  applicant.  If  a 
person  enters  their  name,  Social  Security  number  and  address,  this 
database  is  smart  enough  to  know  if  something  doesn’t  add  up. 


What  benefits  does  the  new  network  bring? 

West:  More  IP  addresses  —  that’s  probably  the  biggest  benefit. 
There  is  also  some  added  security,  such  as  port  security 

You've  said  that  communication  between  first  responders  was  a  sig¬ 
nificant  problem  post-Katrina.  What  has  changed  to  improve  this? 

West:  One  area  that  we’ve  tried  to  focus  on  is  situational  aware- 
ness.This  is  having  information  in  the  hands  of  all  of  those 
involved  at  the  same  time  regardless  of  location.  In  other  words, 
the  information  could  be  originating  from  FEMA  or  out  in  the 
field  or  [Department  of  Homeland  Security]  headquarters  or  the 
Coast  Guard. 

Etzell:  It’s  called  HSIN,  or  Homeland  Security  Information 
Network. 

What  about  physical  communication  on  the  ground?  How  has  that 
improved? 

West:  When  the  last  hurricane  season  ended  we  took  a  step 
back  and  really  worked  closely  with  DHS  and  some  of  our  other 
key  players  such  as  the  Coast  Guard.  First  thing  we  did  was  take  an 
inventory  of  all  of  our  communication  assets.  We  really  didn’t  have 
that  going  into  last  hurricane  season.  We  knew  what  FEMA  had, 
but,  for  example,  we  didn’t  know  what  the  Coast  Guard  had  as  far 
as  tactical  communications.  So  now  we  put  in  place  standard 
operating  procedures  where  if  we  have  an  event  in  a  certain  area 
of  the  Gulf  Coast  region  we  know  what  assets  are  near  that  event. 

How  is  FEMA  using  GPS  for  asset  tracking? 

Etzell:  GPS  we  used  in  a  very  rudimentary  way  last  year  and 
we  now  have  what  we  call  total  asset  visibility.  It’s  a  system 
that’s  going  to  track,  via  GPS  technology  and  other  software,  the 
location  of  current  loads  of  certain  commodities  going 
through  two  of  our  logistic  centers,  one  in  Atlanta  and  the 

other  is  in  Fort  Worth, Texas _ There  are  select  vendors  that 

can  track  the  shipments  by  the  trailer  load.  It  tracks  the  trailers 
not  the  trucks. 


I  understand  that  about  40%  of  all  applications  for  assistance  were 
processed  via  the  Web.  Are  you  shooting  for  a  higher  percentage? 

West:  We  would  love  to  see  more. Those  numbers  also  include 
FEMA  going  out  into  the  field  with  our 
Mobile  Disaster  Response  Centers  [MDRC] 
assisting  with  applications.There  is  a 
whole  host  of  ways  those  Internet  num¬ 
bers  are  increasing. 

Etzell:  This  year  we  are  piloting  a  pro¬ 


What  assets  are  you  actually  tracking  with  the  GPS  system? 

Etzell:  Water,  ice,  meals,  plastic  sheeting,  tarps,  generators  and 

select  vehicles  such  as  our  NDMS  [National 
Disaster  Medical  Systems]  teams. They  have 
99  vehicles,  and  all  99  are  tracked  via  GPS. 
And  last  year  when  we  had  such  challenges 
in  the  Gulf  Coast  we  turned  the  GPS  devices 
on  to  find  some  of  the  NDMS  teams.  ■ 


|  Read  a  longer  version  of  the  inter¬ 
view  at  www.nwdocfinder.com/3658 
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_THE  INVASION 


_DAY  11:  This  storage  sprawl  is  mind  boggling.  All 
this  data  is  suffocating.  The  boxes  are  everywhere. 
And  what  they  lack  in  scalability  and  access,  they 
make  up  for  in  cost  and  sheer  numbers.  I’ ve  gone  into 
hiding  under  my  desk.  I  don’ t  know  what  else  to  do. 


_This  can’t  be  good  for  my  posture.  There  s  got  to  be 
a  better  way. 
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Triple  threat 

Microsoft  is  lining  up  three  major  projects  for  testing  and 
eventual  release.  Last  week,  the  company  released  the  second 
betas  of  Windows  Longhorn  Server,  Vista  and  Office  at  its 
annual  Windows  Hardware  Engineering  Conference. 


Software 

What’s  new 

What’s  coming 

Longhorn 

The  second  beta  is  available. 

Feature-complete  Beta  3  due  in  first 
half  of  2007. 

Vista 

Beta  2  is  the  “consumer 

Still  on  track  for  November  release  to 

beta."  Will  include  Application 
Compatibility  Toolkit  5.0. 

business  users. 

Office 

Beta  2 

Nearly  ready  to  go;  release  set  for 
November  to  business  users. 

WinHEC 

continued  from  page  1 

Manager  includes  17  roles. 

“In  Beta  2  almost  all  the  roles  are 
enabled,  but  not  all  the  pieces  are 
there  for  every  role,”  said  Jeff 
Price,  senior  director  for  Windows 
Server  Product  Management. 
‘Testers  put  the  server  through  its 
paces  for  the  deployment  scenar¬ 
ios  they  want,  but  they  can’t  go  to 
production  because  of  our  licens¬ 
es.”  Price  said  Microsoft  is  still 
working  through  what  roles  will 
be  released  first  and  would  reveal 
more  details  at  the  company’s 
annual  TechEd  conference  sched¬ 
uled  for  the  week  of  June  12. 

In  addition  to  the  Beta  2  rollout, 
Microsoft  said  the  first  release  of 
Longhorn  Server,  slated  for  the 
second  half  of  2007,  would  be  the 
last  that  comes  in  a  32-bit  version. 
Starting  with  Longhorn  Server  R2 
in  2009,  the  server  will  only  ship  in 
a  64-bit  version.  Microsoft  is  con¬ 
verting  most  of  its  application 
servers  to  the  64-bit  platform,  with 
SQL  Server  and  Exchange  2007 
leading  the  way  Price  added  that 
Microsoft  was  not  revealing  what 
features  are  planned  for 
Longhorn  R2. 

Beta  3  of  Longhorn  will  be  re¬ 
leased  in  the  first  half  of  2007  and 
will  include  the  new  Terminal 
Server  Gateway  Server,  according 
to  Microsoft.  The  company  also 
plans  to  release  within  180  days  of 
Longhorn  Server  its  hypervisor  vir¬ 
tualization  technology  code- 
named  Viridian.  It  previously  said 
Viridian  would  ship  after  Long¬ 
horn  but  did  not  provide  a  defini¬ 
tive  time  frame. 

Analysts  say  Microsoft  is  pulling 
out  its  Go  Live  licensing  for  Long¬ 
horn  to  get  real-world  exposure 
for  the  server. 

“Part  of  Go  Live  is  to  signal  that 
real  testing  is  starting,”  said 
Michael  Cherry  an  analyst  with  in¬ 
dependent  research  firm 
Directions  on  Microsoft.  “If  this 
stuff  is  not  in  production,  how 
do  you  get  valuable  feedback? 
The  server  people  need  to  stress 
this  stuff.” 


Cherry  also  said  coupling  the 
server  with  IIS  7.0  is  likely  a  move 
to  encourage  usage  of  ASPNet. 

Microsoft  has  offered  Go  Live 
licenses  for  other  technology  in¬ 
cluding  SQL  Server  and  .Net. 

“For  customers  that  need 
some  features  sooner  and  can 
participate  with  Microsoft  this  is 
a  win-win  situation,”  said  Tyson 
Hartman,  CTO  of  systems  inte¬ 
grator  Avanade,  which  is  a  joint 
venture  between  Microsoft  and 
Accenture.  “Certainly  it  speaks 
to  the  quality  and  stability  of 
the  product.” 

Even  so,  Microsoft’s  Price  said  he 
does  not  expect  mass  rollouts  of 
Longhorn  Beta  2. 

“We  are  taking  the  time  to  make 
sure  we  get  this  right  because  we 
want  to  make  sure  Longhorn  is  a 
clear  step  forward  from  Windows 
Server  2003,”  said  Bob  Muglia, 
senior  vice  president  of  Micro¬ 
soft’s  server  and  tools  division. 

In  addition  to  the  surprise  an¬ 
nouncement  on  production  de¬ 
ployments,  Microsoft  began  to 
detail  other  features  it  plans  to  in¬ 
clude  in  Longhorn. 

Addressing  errors 

The  company  is  adding  a  new 
infrastructure  within  the  operat¬ 
ing  system  called  the  Windows 
Hardware  Error  Architecture, 
which  is  designed  to  provide  a 
standard  way  to  handle  system 
hardware  errors  in  server  hard¬ 


ware  that  supports  WHEA. 

WHEA  lets  users  manage  poten¬ 
tial  error  sources  such  as  proces¬ 
sor,  memory  cache  and  I/O  bus. 
Hardware  vendors  will  stipulate 
certain  attributes  to  be  managed 


on  each  hardware  component. 
WHEA  will  not  cover  such  com¬ 
ponents  as  fans  and  will  not  sup¬ 
port  PCI  Express  in  the  first  ver¬ 
sion  of  Longhorn,  according  to 
Microsoft. 

Microsoft  also  plans  to  include 
its  BitLocker  technology  in  Long¬ 
horn. The  file  encryption  technol¬ 
ogy  is  a  highlight  of  the  Vista  client 
operating  system. 

In  the  server,  BitLocker  will  be 
used  to  protect  servers  by  pre¬ 
venting  malicious  software  or 
users  from  executing  a  boot 
sequence  that  is  different  than 
what  is  stored  in  BitLocker.  The 
technology,  which  relies  on  a 
Trusted  Platform  Module  in¬ 
stalled  in  the  hardware,  is  the  first 
hint  at  Microsoft’s  Next  Gener¬ 
ation  Secure  Computing  Base 
technology  code-named 

Palladium. 

In  addition,  Microsoft  showed 


the  BitLocker  technology  was  a 
good  way  to  secure  branch-office 
deployments  of  the  server  but 
stopped  short  of  saying  Longhorn 
would  include  a  specific  branch- 
office  version. 

Also  in  the  security  area,  Long¬ 
horn  will  include  integration  of 
digital  rights  management  with 
the  identity  federation  technol¬ 
ogy,  Active  Directory  Federation 
Services,  which  is  part  of  Windows 
Server  2003  R2. 

Muglia  also  said  Windows 
Small  Business  Server  R2  would 
ship  sometime  this  summer  and 
Windows  Server  Compute 
Cluster  Edition  would  ship  by 
year-end.  Microsoft’s  mid-market 
server  bundle  code-named 
Centro  is  scheduled  to  ship  in 
2008.  Centro  brings  together 
Longhorn,  Exchange  Server  and 
security  technologies  for  midsize 
companies.B 


Corrections 


*  The  story  “Airport  saturates  locale  with  wireless  net"  (Feb.  27,  page  19) 
should  have  listed  the  cellular  adapters  used  by  airport  laptop  users  as  a 
Verizon-branded  Sierra  Wireless  AirCard. 

-  The  story  “Gartner  analyst:  Resist  Gig  Ethernet"  (May  22,  page  1)  should 
■:m  noted  the  cost  of  a  Gigabit  port  was  80%  to  300%  more  than  the  price  of 
a  Fast  Ethernet  port. 


IBM  boosts  storage  software 


BY  DENI  CONNOR 

IBM  last  week  enhanced  popular  data  pooling  and 
storage  virtualization  software  to  include  business 
continuity  and  disaster  recovery  capabilities,  as  well 
as  faster  performance  and  support  for  more  storage 
platforms.The  company  also  recently  announced 
that  more  than  2,000  customers  now  use  its  storage 
virtualization  software. 

IBM  is  adding  4Gbps  Fibre  Channel  support,  in¬ 
creased  interoperability  with  a  variety  of  disk  sys¬ 
tems  and  asynchronous  replication  capability  to  its 
TotalStorage  SAN  Volume  Controller  (SVC),  letting 
customers  support  faster  Fibre  Channel  storage-area 
networks  and  protect  data  on  storage  systems. 

The  SVC  software  runs  on  a  cluster  of  x86-based 
IBM  computers  attached  to  Brocade  Communi¬ 
cations,  McData  and  Cisco  Fibre  Channel  switches, 
where  it  can  manage  data  on  those  storage  systems. 
It  creates  pools  of  disks  from  those  storage  systems, 
which  can  be  mapped  to  a  set  of  virtual  disks  for  use 
by  host  server  applications.  These  applications  may 
be  the  migration  of  data  for  information  life-cycle 
management  purposes  or  the  replication  of  data  for 
business  continuity 

The  new  version,  SVC  4.1,  includes  a  global  mirror¬ 
ing  function  that  lets  customers  replicate  data  across 
locations  of  greater  than  100  miles.  Global  Mirror, 
which  has  no  distance  limitations,  is  based  on  IBM’s 
synchronous  Metro  Mirror  technology  which  sup¬ 
ports  replication  distances  of  only  100  miles. 
Because  Global  Mirror  is  asynchronous  and  sup¬ 
ports  longer  latencies,  longer-distance  replication  is 
possible. 

“The  latest  version  of  IBM  SVC  brings  good  news  to 
those  who  need  to  support  data  protection  for  busi¬ 
ness  continuity  and  disaster  recovery  over  long  dis¬ 
tances  with  asynchronous  remote  mirroring  and 
replication,”  says  Greg  Schulz,  senior  analyst  for 
StoragelO. 


“The  support  for  asynchronous  replication  will 
enable  SVC  nodes  to  leverage  IP  and  WAN  network 
interfaces  natively  without  having  to  rely  upon  exter¬ 
nal  third-party  asynchronous  technologies  such  as 
McData’s  UltraNet  Edge  Storage  Router)’ Schulz  says. 

IBM  says  global  mirroring  is  important  because  of 
natural  disasters  such  as  Hurricane  Katrina  that  can 
cause  damage  over  more  than  100  miles. 

In  addition,  Global  Mirror  and  Metro  Mirror  do  not 
require  the  same  storage  arrays  at  both  locations, 
allowing  customers  to  deploy  older  storage  at  the 
secondary  disaster  recovery  site.  For  instance,  a  cus¬ 
tomer  may  replicate  data  between  an  IBM  Total- 
Storage  DS4800  at  the  primary  site  and  an  older  EMC 
Symmetrix  at  the  secondary  site. 

SVC  4.1  also  supports  4Gbps  Fibre  Channel  envi¬ 
ronments  and  more  than  80  disk  systems,  including 
Hitachi’s  TagmaStore,  the  IBM  DS4700  and  the  Open- 
VMS  operating  environment. 

Further,  SVC  lets  customers  replace  nodes  in  the 
SVC  cluster  with  newer  ones  without  disrupting  ac¬ 
cess  to  data. 

The  use  of  storage  virtualization  products  such  as 
IBM’s  SVC  is  on  the  rise.  An  IDC  study  shows  that  ven¬ 
dors  such  as  IBM,FalconStor  and  EMC  shipped  more 
than  28  petabytes  of  virtualization  software  and 
appliances  in  2005,  a  more  than  fourfold  increase 
over  2004. 

IBM’s  SVC  competes  with  EMC’s  Invista  and  the 
built-in  virtualization  capabilities  of  Hitachi’s  Tagma¬ 
Store  Universal  Storage  Platform.  Although  EMC’s 
Invista  does  not  have  asynchronous  replication 
capability,  the  company  is  expected  to  build  it  in 
with  its  acquisition  of  Kashya,  a  remote  replication 
vendor. 

IBM’s  SVC  4.1  is  scheduled  to  be  available  next 
month  starting  at  $42,500.  Existing  Metro  Mirror  cus¬ 
tomers  will  get  Global  Mirror  at  no  cost.  Metro  Mirror 
and  Global  Mirror  each  start  at  $10,500.B 


Take  back  control ™  with  IBM  System  Storage .™ 

Control  means  manageability.  IBM  System  Storage  can  consolidate 
your  diverse  environments  into  a  single  footprint,  while  maintaining  the 
necessary  separation  of  those  environments. 


Control  means  simplicity.  Access  systems  management  information 
from  a  common  interface  that  lets  you  manage  your  storage  platforms,  even 
non-IBM  platforms. 

Control  means  flexibility.  IBM  System  Storage  doesn’t  lock  you  into 
bigger  up-front  systems.  A  range  of  products  gives  you  cost-effective 
scalability  so  you  can  pay  as  you  grow. 

Control  means  less  is  more.  IBM  Systems  offer  a  broad  portfolio  of 
storage  solutions  designed  to  help  simplify  your  infrastructure,  not  to 

mention  your  life. 


IBM.COM/TAKEBACKCONTROL/STORAGE 


Storage  products  may  require  purchase  of  more  than  one  product  to  implement  these  capabilities  and  may  not  be  available  on  pictured  product.  IBM,  the  IBM  logo.  System  Storage,  and  Take  Back  Control  are  trademarks  or  registered 
trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product,  and  service  names  may  be  trademarks  or  service  marks  of  others  "32006  IBM  Corporation.  All  rights  reserved 
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MPLS 

continued  from  page  1 

giant’s  computing  and  network 
operations  unit.  The  Chicago 
company  has  conducted  multi- 
casts  with  as  many  as  6,000  par¬ 
ticipants  across  its  MPLS  back¬ 
bone. 

“We  found  that  as  these  events 
got  larger  and  larger,  our  [media] 
servers  were  incapable  of  sourc¬ 
ing  that  many  unicast  flows,”  Hill 
said.  “We  also  use  multicast  for 
some  of  our  production  control 
applications.” 

The  Boeing  network  supports 
five  classes  of  service  for  5  mil¬ 
lion  minutes  per  month  of  voice 
and  video  over  IP  applications, 
Hill  said. The  company  opted  for 
a  Layer  3  implementation  in  2000 
so  that  it  could  hand  off  manage¬ 
ment  of  its  routing  tables  to  its 
service  provider,  AT&T. 

“Using  a  Layer  1  and  Layer  2 
transport  basically  means  that 
we  were  responsible  for  the 
entire  routing  architecture  end- 
to-end,  and  the  maintenance  of 
that  backbone  end-to-end,”  Hill 
said. 

Also,  Draft  Martini  was  the  only 
MPLS  Layer  2  option  when 
Boeing  decided  to  go  from  an 
ATM  and  frame  relay  hub-and- 
spoke  architecture  to  a  meshed 
MPLS  VPN  in  2000,  Hill  said. 
Multicast  and  QoS  requirements 
were  lacking,  and  latency  and  jit- 


VPLS  service  status 

Virtual  private  LAN  service 
plans  from  the  top  10  U.S. 
Ethernet  service  providers, 
listed  in  order  of  market 
share  based  on  revenue. 


Service  provider 

VPLS  status 

AT&T/SBC 

Planned 

Verizon/MGI 

Planned 

BellSouth 

Planned 

Cogent 

Not  offered 

Time  Warner  Telecom 

Offered 

Yipes 

Offered 

Qwest 

Planned 

Sprint 

Planned 

OnFiber 

Offered 

Level  3/WilTel 

Offered 

SOURCE:  VERTICAL  SYSTEMS  GROUP 


ter  were  challenges  in  the  old 
Layer  2  ATM/frame  environment, 
he  said. 

Making  the  shift  has  eliminated 
redundancies  and  greatly  re¬ 
duced  maintenance,  enabling 
Boeing  to  slash  its  telecom  costs 
in  half. 

Nonetheless,  the  company  is 
evaluating  VPLS  for  its  metropoli¬ 
tan  regions.  But  Hill  said  the  tech¬ 
nology  “still  has  a  long  way  to  go.” 

The  Securities  Industry  Auto¬ 
mation  Corp.  (SIAC)  turned  to 
Layer  3  MPLS  VPNs  looking  for  a 


way  to  safely  multicast  market 
data  between  exchanges  and 
other  financial  institutions  after 
the  Sept.  1 1  attacks. 

The  VPN  services,  which  adhere 
to  the  IETF  RFC  2547bis  specifi¬ 
cation,  form  the  guts  of  SIAC’s 
Secure  Financial  Transaction  In¬ 
frastructure  network. 

“When  we  were  building  this, 
VPLS  technology  was  still  very 
immature,”  said  Naishen  Wang, 
senior  manager  of  communica¬ 
tions  planning.  “Another  thing 
with  multicast  is  we  do  entitle¬ 
ments”  where  the  customer  can 
choose  between  multicast  prod- 
ucts.“Its  a  little  harder  to  do  in  a 
VPLS  environment.” 

Layer  3  was  also  adopted  by 
financial  brokerage  AG  Edwards 
for  its  service-oriented  architec¬ 
ture,  which  is  designed  to  ensure 
that  QoS  is  applied  to  voice  and 
video  services. 

“We’re  under  a  lot  of  pressure  . . 
.  to  provide  a  service-oriented  ar¬ 
chitecture  that  allows  our  busi¬ 
ness  units  to  create  services  that 
bring  up  applications  really  fast,” 
said  Ken  Owens,  communica¬ 
tions  architect  at  the  St.  Louis 
company 

The  network  also  ensures  appli¬ 
cation  availability  “Downtime  in 
the  financial  industry  is  a  term 
no  one  uses.  There  is  no  down¬ 
time,”  he  said. 

MPLS  supports  uptime,  Owens 
said,  through  its  “any-to-any”  char¬ 


acteristics  that  facilitate  rapid 
failover  to  a  secondary  data  cen¬ 
ter  should  the  primary  fall 
offline. 

“We  could  lose  one  of  our  data 
centers  and  still  function  on  the 
other  data  center  100%,”  he  said. 

AG  Edwards  is  implementing  a 
three-layer  architecture,  with 
MPLS  serving  as  the  virtualiza¬ 
tion  layer  between  the  physical 
infrastructure  and  logical  ser¬ 
vices  layers. 

MPLS  facilitates  a  utility  or  grid 
computing  model  of  dynamic 
resource  allocation  in  which  it 
“advertises”  the  services  available 
to  and  between  business  units, 
Owens  said. 

The  MPLS-enabled  Layer  3 
Border  Gateway  Protocol  back¬ 
bone  connects  750  sites  and  re¬ 
places  a  carrier-managed  Layer  2 
frame  relay  network. 

VPLS  also  is  viewed  as  an  even¬ 
tual  replacement  for  frame  relay 
more  so  than  as  an  alternative  to 
Layer  3  MPLS  VPNs  (www.nwdoc 
finder.com/3657),  experts  said. 

And  the  limitations  of  VPLS  are 
not  lost  on  the  technology’s 
authors. 

Marc  Lasserre,  chief  scientist  at 
Lucent,  acknowledged  the  need 
to  further  optimize  VPLS  for  ser¬ 
vice-oriented  applications  such 
as  multicast. 

He,  industry  analysts  and  carri¬ 
ers  said  that  Layer  2  and  3  MPLS 
VPN  technologies  will  comple¬ 
ment  each  other  more  than  com¬ 
pete. 

It  may  be  as  simple  as  an  enter¬ 
prise  deciding  to  opt  for  Layer  2 
to  retain  management  of  its  rout¬ 
ing  tables  or  Layer  3  to  outsource 
that  responsibility 

“I  don’t  think  it’s  a  zero-sum 
game,”  said  Josh  Holbrook  of  the 
Yankee  Group.  “I  don’t  think  one 
of  those  services  will  prevail  over 
the  other.  Layer  2  reduces  com¬ 
plexity  . .  but  more  organizations 
are  comfortable  outsourcing 
their  routing  tables.” 

“There’s  still  a  lot  of  folks  who 
talk  about  Layer  2  vs.  Layer  3  as  a 
holy  war,”  said  Jamey  Heinze, 
senior  director  of  product  man¬ 
agement  for  data  and  media  ser¬ 
vices  at  Broadwing  Communi- 
cations.“But  we  kind  of  see  it  as  a 
blessed  synergy,  or  two  services 
that  live  in  harmony  with  one 
another”* 

VPNs 
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Flaw  found  in  Symantec  antivirus 


BY  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 

Security  researchers  at  eEye  Digital  Security  have 
discovered  a  serious  flaw  in  Symantec’s  enterprise 
antivirus  software  that  could  be  used  by  hackers  to 
create  a  self-replicating  worm  attack  against 
Symantec  users. 

Because  Symantec  has  not  yet  confirmed  the  exis¬ 
tence  of  the  problem,  much  less  patched  it,  eEye  is 
offering  few  details  on  the  vulnerability  which  was 
disclosed  last  week.  If  confirmed,  the  threat  to  users 
would  be  severe  because  the  security  software  is  so 
widely  used,  experts  say 

“This  is  definitely  a  wormable  flaw/’ says  Mike  Puter- 
baugh,  eEye’s  vice  president  of  marketing.  “It  does 
allow  you  to  take  remote  control  of  the  system.” 

Similar  to  viruses,  worms  are  able  to  spread  from 
computer  to  computer,  and  past  attacks  such  as 
2003s  Blaster  and  Slammer  worms  were  wide¬ 
spread. 

Symantec  is  evaluating  eEye’s  claims  and  “if  nec¬ 
essary,  will  provide  a  prompt  response  and  solu¬ 
tion,"  a  Symantec  spokesman  said  last  week. 

EEye  Chief  Hacking  Officer  Marc  Maiffret  believes 
it  will  take  Symantec  a  “month  or  two”  to  patch  the 


problem. “The  vulnerability  is  pretty  straightforward 
for  them  to  identify  within  their  code,”  he  says. 

Version  10  and  greater  of  Symantec’s  enterprise 
antivirus  software  is  affected  by  the  flaw,  but  the 
company’s  consumer  products  do  not  have  the 
bug,  Maiffret  says. 

This  is  not  the  first  flaw  to  be  reported  in  Syman¬ 
tec’s  security  products,  which  have  increasingly 
come  under  the  scrutiny  of  hackers  and  security  re¬ 
searchers  over  the  past  year.  Last  December,  re¬ 
searcher  Alex  Wheeler  discovered  a  flaw  in  Syman¬ 
tec’s  Antivirus  Library  that  could  let  remote  attack¬ 
ers  gain  control  of  systems  that  used  Symantec’s 
products. 

In  October  a  critical  flaw  was  found  in  the  com¬ 
pany’s  Scan  Engine  software.  Scan  Engine  is  Web 
server  software  used  by  developers  to  incorporate 
Symantec’s  scanning  technology  into  their  own 
applications. 

The  most  serious  of  these  now  patched  problems 
concerned  a  design  flaw  in  Symantec’s  authentica¬ 
tion  mechanism, allowing  anyone  who  understands 
the  underlying  communication  protocol  to  seize 
control  of  the  Scan  Engine  server.  ■ 
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Check  Point  Security 

announces  the  next  generation  of 

Unified  Threat  Managemenl 


Check  Point’s  new  VPN-1  UTM  solutions  provide  you  with: 

■  A  truly  unified,  integrated  solution  that  is  easy  to  deploy  and  manage. 

■  The  industry’s  strongest  threat  protection  -  from  known  and  unknown  threats. 

■  Total  visibility  and  control  of  multiple  security  functions  through  a  single  console. 

■  Scalability  for  small  offices  to  large  enterprises. 

Learn  more  about  Check  Point  next  generation  VPN-1  UTM  solutions. 

Visit  www.checkpoint.com/utm/nww  today. 
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We  Secure  the  Internet. 
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McAfee  Total  Protection  for  Enterprise 

•  Comprehensive  suite  including  antivirus  for  desktop,  server 
and  gateway,  antispyware,  host  IPS  and  desktop  firewall 

•  Reduces  the  complexity  of  managing  security 

•  Delivers  comprehensive  threat  prevention  and  centralized 
management,  which  enables  proactive  blockage  of  known 
and  unknown  attacks  to  ensure  seamless  continuity 

•  Unified  management  platform  drives  operational  efficiencies 
through  centralized  deployment,  configuration  and  policy  setting 


$6299 


Total  Protection 


McAfee 
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101-250  user  license 
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NETGEAR  ProSafe  VPN  Firewall  50 
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SNMP-manageable,  high-performance  network  solution  that  furnishes 
multi-dimensional  security 

Includes  advanced  security  using  Stateful  Packet  Inspection  (SPI),  Denial  of 
Service  (DoS)  and  Intrusion  Detection  (ID) 

Bundled  with  NETGEAR  ProSafe  VPN  Client  single-user  license  (VPN01 L) 


$194.99  CDW  727738 


•STS 


Cad  your  CDW  account  manage!  tot  McAfee  licensing  details  Offei  subject  to  CDWs  standard  terms  and  conditions  of  sale;  available  at  CDW.com.  ©  2006  CDW  Corporation 


The  Right  Technology.  Right  Away. 


CDW.com  •  800.399.4CDW 

In  Canada,  call  888.898.CDWC  •  CDW.ca 


The  Security  Solutions  You  Need  When  You  Need  Them. 

Security  solutions  for  your  network  have  always  been  complicated.  But  these  days,  it  seems  every  time 
you  turn  around  there’s  a  new  and  more  complex  security  issue  to  address.  CDW  understands  these 
challenges,  but  more  importantly,  we  know  that  they  will  continue  to  evolve.  Call  us  today  and  let  our 
account  managers  and  security  specialists  help  you  develop  a  multi-tiered  system  that  covers  gateway, 
server,  client,  and  mobile  security.  Then  get  on  with  everything  else  you've  been  putting  on  hold. 
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SECURITY  SWITCHING  1  ROUTING  SVPNS  ■  BANDWIDTH  MANAGEMENT  BVOIP  fl  WIRELESS  LANS 


Healthcare  exec  talks  security 


George  Rathbun,  director  of  IT 
architecture  at  Pfizer,  is  also  the 
CTO  for  SAFE-BioPharma,  the  phar¬ 
maceutical  industry  group  coordi¬ 
nating  secure  sharing  of  informa¬ 
tion  with  physicians  and  others. 
SAFE  members,  including  Johnson 
&  Johnson,  Abbott  Labs,  Bristol- 
Myers-Squibb,  Proctor  &  Gamble,  and  Merck  and 
GlaxoSmithKline,  have  embarked  on  a  shared  authen¬ 
tication  approach  based  on  public-key  infrastructure 
cross-certification.  Rathbun  recently  chatted  with 
Network  World  Senior  Editor  Ellen  Messmer  to  discuss 
how  this  security  program  works  and  what  its  implica¬ 
tions  are  for  users. 


How  many  members  does  SAFE  have,  and  what  has  the  organiza¬ 
tion  accomplished  since  its  founding? 

SAFE,  which  stands  for  Signatures  and  Authentication 
for  Everyone,  was  established  about  one  and  a  half  years 
ago  to  meet  the  challenge  of  global  online  identification 
of  individuals  in  the  pharmaceutical  industry.  We  now 


have  30  [corporate  and  government]  members.  We  initial¬ 
ly  looked  at  sharing  a  single  directory,  a  database  of  per¬ 
sonal  information,  to  have  a  single  authentication  source. 
But  instead,  we  went  with  an  approach  to  public-key 
infrastructure  (PKI)  and  digital  certificates  based  on  a 
bridge. 

What  is  that  exactly? 

A  bridge  is  a  certificate  authority  dedicated  to  issuing  cer¬ 
tificates  for  bridging  multiple  certificate  technologies.Today, 
there’s  a  SAFE  bridge  certificate  authority  that  issues  cross¬ 
certificates  to  anyone  that’s  part  of  it.  We  call  it  the  “trust 
bridge.”  It’s  maintained  by  a  vendor,  CyberTrust. 

So  how  does  this  digital-certificate  cross-certification  work  for 
SAFE  members? 

Well,  for  example,  all  of  the  workforce  at  Johnson  & 
Johnson  is  already  PKI-enabled  internally  with  their  own 
digital  certificates.  J&J  [last  month]  elected  to  have  their 
corporation  certified  with  the  trust  bridge. To  do  that,  J&J 
went  to  a  cross-certification  ceremony  where  agents  from 
J&J  made  sure  the  certificate  authorities  are  aligned  and 
there  are  no  discrepancies  between  policies.  It’s  quite  a  bit 
of  work.  But  it  creates  a  trusted  network  of  [certificate 

See  Rathbun,  page  20 


DOD  hosts  massive  interoperability  test 


Short  Takes 


■  Radvision  last  week  replaced  its  line 
of  vialP  multipoint  conference  unit  and 
gateway  products  with  a  new  hardware 
platform  called  Scopia  capable  of  han¬ 
dling  more  calls  from  more  devices.  The 
new  product  family  will  have  three  mod¬ 
els,  ranging  from  the  Ill-rack  unit  Scopia 
100  for  small  and  midsize  businesses  that 
handle  12  ports  of  audio,  up  to  the  Scopia 
1000  chassis,  which  has  room  for  as 
many  as  18  blades  and  can  handle  330 
video  calls  and  1,700  ports  of  audio  simul¬ 
taneously.  In  terms  of  video,  the  initial 
release  of  the  Scopia  platform  will  sup¬ 
port  up  to  4CIF  video  (standard  televi¬ 
sion)  in  any  given  call.  With  vendors  such 
as  LifeSize.Tandberg  and  Polycom  start¬ 
ing  to  ship  high-definition  video  systems, 
future  Scopia  updates  also  will  support 
HD  video  for  those  that  want  to  take 
advantage  of  the  increased  resolution.  A 
new  version  of  the  company's  iView  man¬ 
agement  suite  will  let  larger  organizations 
mesh  hardware  and  software  MCUs  to 
handle  large  calls.  Scopia  will  be  available 
for  order  this  week  with  large-scale 
implementations  priced  around  $2,000 
per  port.  The  Scopia  100  will  be  priced 
starting  at  around  $30,000. 

■  Zfone,  free  software  that  encrypts 
VoIP  calls  in  a  way  that  may  circumvent 
government  eavesdropping  laws  in  some 
countries,  is  available  to  Windows  users. 
Zfone  was  developed  by  Philip  Zimmer- 
mann,  the  creator  of  the  e-mail  encryp¬ 
tion  tool  Pretty  Good  Privacy.  The  soft¬ 
ware  works  in  a  peer-to-peer  manner, 
exchanging  encryption  keys  directly 
between  the  two  people  making  a  voice 
call.  Other  approaches,  such  as  the  com¬ 
monly  used  public-key  infrastructure,  rely 
on  a  centralized  database,  usually  hosted 
by  a  third  party,  to  manage  keys.  The  dis¬ 
tinction  is  important  in  places  where  the 
debate  about  the  rights  of  governments 
to  eavesdrop  on  citizens'  phone  calls  is 
growing  increasingly  heated.  Zfone  pre¬ 
sents  a  challenge  to  the  U.S.  govern¬ 
ment's  ruling  that  VoIP  providers  will  soon 
have  to  turn  over  call  detail  records,  as 
some  regular  phone  companies  have.  But 
the  law  applies  to  service  providers, 
which  means  callers  can  use  Zfone  to 
encrypt  calls,  and  the  government  can't 
demand  that  the  users  share  the  encryp¬ 
tion  keys  in  order  to  understand  the  con¬ 
tents  of  the  call. 


41  nations  test 
radios,  satellite  gear 
and  IP  networks. 

BY  CAROLYN  DUFFY  MARSAN 

Trying  to  enable  your  network  to  commu¬ 
nicate  securely  with  a  diverse  set  of  suppli¬ 
ers  and  business  partners?  If  you  think 
you’ve  got  interoperability  problems,  con¬ 
sider  the  case  of  the  U.S.  Department  of 
Defense. 

The  Defense  Department  regularly  pulls 
together  multinational  coalitions  for 
warfighting,  peacekeeping  and  disaster 
relief  operations  with  dozens  of  allies  that 
change  on  a  moment’s  notice.  Each  time, 
the  Defense  Department  and  its  allies  build 
a  command  and  control  network  from  a 
hodgepodge  of  radios,  satellite  gear  and 
computers.That’s  why  the  department  hosts 
annual  interoperability  testing  events  to 
help  make  sure  its  allies  can  communicate 
with  each  other  during  an  emergency. 


For  the  past  two  weeks,  the  U.S.  European 
Command  has  sponsored  Combined  En¬ 
deavor  2006  (CE  06),  a  two-week  interoper¬ 
ability  event  in  Baumholder,  Germany  CE  06 
is  the  12th  annual  event  held  in  Europe,  and 
it  had  forces  from  41  countries,  including 
Germany  France  and  the  United  Kingdom. 
Participants  tested  their  ability  to  send  data, 
voice,  images  and  video  over  an  IP  back¬ 
bone  using  a  wide  variety  of  mobile  radio 
and  satellite  communications  devices. 

“As  we  get  called  to  respond  to  crises  like 
Hurricane  Katrina  or  an  earthquake  in 
Pakistan,  the  political  side  develops  coali¬ 
tions,  but  we  have  to  be  ready  to  roll  out 
the  network,”  says  Lt.  Col.  Joe  Angyal,  exer¬ 
cise  director  for  CE  06.  “It’s  a  major  chal¬ 
lenge  for  us,  because  we  never  know  what 
the  coalition  is  going  to  be. . . .  When  we 
find  ourselves  out  in  the  battlefield,  it’s  like 
a  game  of  Yahtzee  for  network  planners 
like  me.” 

Cisco  provided  the  routers,  switches  and 
software  that  comprised  the  core  network 


infrastructure  for  CE  06.  The  core  network 
used  100Mbps  links  to  connect  four  nodes 
in  Germany  and  one  satellite  node  in 
Bosnia.  A  HAM  radio  connection  linked  the 
European  network  to  South  Africa  through 
Finland.  Connections  in  the  field  were 
2Mbps,  which  is  typical  for  battlefield  oper¬ 
ations.  The  network  supported  1,200  users. 

“This  is  the  first  time  that  we  have  provid¬ 
ed  the  network  for  Combined  Endeavor," 
says  HaraldVermanen,NATO  liaison  execu¬ 
tive  at  Cisco. “We  help  the  armies  that  have 
our  products. We  have  participated  in  other 
interoperability  tests  or  testing  of  new  prod¬ 
ucts  . . .  but  Combined  Endeavor  is  by  far  the 
biggest  testing  event.” 

Combined  Endeavor  tested  equipment  in 
six  main  areas:  single-channel  radio;  circuit- 
switched  telephony  including  VoIP;  video 
teleconferencing;  core  services;  data  trans¬ 
mission  systems,  including  routers;  and 
transmission  systems.  CE  06  participants 
said  more  militaries  are  using  IP  as  their 
See  Defense,  page  20 
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Virtualization  coming  to  desktops 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


Whether  you  like  it  or  not,  if  you 
are  at  all  involved  with  selecting 
the  corporate  desktop,  you  are 
going  to  have  to  deal  with  virtu¬ 
alization.  Intel’s  recent  an¬ 
nouncement  of  its  vPRO  and  its 
attendant  publicity  campaign 
will  make  sure  of  that. 

It’s  not  that  virtualization  isn’t 
valuable,  but  its  status  as  buzz¬ 
word  of  the  moment  and  its  use 
across  areas  as  disparate  as  desk¬ 
tops,  servers  and  storage  has 
unfortunately  made  the  word 
devoid  of  almost  any  meaning 


when  used  on  its  own. 

Virtualization  usually  refers  to 
creating  an  environment  that 
appears  one  way  to  users  but  is 
something  else  altogether  in 
physical  reality.  Storage  vendors 
talk  of  virtual  tape  in  which  pro¬ 
grams  behave  like  they  are  per¬ 
forming  input/output  operations 
on  a  tape,  but  the  data  is  actually 
being  written  to  disk  or  some 
other  physical  media. 

For  desktops  and  servers,  the 
term  typically  refers  to  running 
multiple  logical  machines  on  a 
single  physical  desktop  or  serv¬ 
er.  In  many  ways  this  is  similar  to 
what  Citrix  offers  with  its  Pre¬ 
sentation  Server,  which  virtual¬ 
izes  the  desktop  any  application 
using  its  specialized  version  of 
the  Windows  Server  operating 
system. 


For  all  the  hype  the  term  is  get¬ 
ting,  virtualization  is  not  new.  IBM 
released  its  Virtual  Machine/370 
(VM/370)  in  August  1972  (www. 
nwdocfinder.com/3639)  after 
having  used  it  for  internal  operat¬ 
ing  system  development  for 
some  years.  Like  today’s  offerings, 
it  lets  you  boot  a  real  operating 
system  that  talks  directly  to  the 
hardware  and  offers  a  virtualized 
view  of  the  same  hardware  to 
one  or  more  guest  operating  sys¬ 
tems  booted  under  it. 

That  is  one  of  the  ways  that  we 
can  virtualize  desktop  ma¬ 
chines  today.  Running  a  system 
such  as  VMWare  essentially  im¬ 
plements  IBM’s  concept  on 
today’s  desktop. 

However,  that  is  not  what  Intel’s 
vPRO  is  getting  at.  While  I  admit 
that  it  is  not  completely  clear  to 


me,  it  seems  to  be  based  on  using 
Intel’s  virtualization  technology 
and,  specifically,  its  dual-core 
CPUs  to  do  in  hardware  what  the 
VMWare  solution  implements  in 
software. 

Apparently,  one  of  the  CPUs 
will  be  used  to  run  a  system 
within  the  system  that  will  be 
separate  and  secure  from  the 
main  operating  system.  Early 
ads  state  that  this  service 
machine  can  be  used  for  tasks 
such  as  installing  software, 
upgrading  licenses  and  running 
diagnostics  —  but  is  not  limited 
to  these  functions. 

It  also  will  be  an  enabling  envi¬ 
ronment  for  third-party  vendors. 
At  the  announcement,  a  Syman¬ 
tec  executive  was  on  hand  to 
pledge  his  company’s  commit¬ 
ment  to  the  endeavor. 


Some  financial  analysts  see 
vPRO  as  way  to  stop  corporate 
customers  from  defecting  from 
Intel-based  desktops  to  those 
powered  by  Advanced  Micro 
Devices.  After  years  in  the 
desert,  AMD  is  doing  well  and 
making  nontrivial  inroads.  The 
company  stated  in  The  Wall 
Street  Journal  that  it  is  not  wor¬ 
ried  about  vPRO  and  it  can  offer 
most  of  the  same  features. 

Start  doing  your  virtualization 
homework  now,  as  it  seems 
almost  certain  that  this  year  will 
see  a  major  FUD  war  on  the 
topic. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 
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communications  standard  and  creating 
converged  rather  than  separate  voice,  data 
and  video  networks.  However,  it  was  still 
tricky  integrating  older  military  radios,  tele¬ 
phones  and  other  communications  gear 
with  the  modern  Cisco  backbone  network. 
Many  of  the  partners  bring  analog  equip¬ 
ment,"  Angyal  says.“It’s  a  major  challenge  to 
integrate  the  older  analog  equipment  with 
the  completely  IP  backbone  system." 

Although  the  Combined  Endeavor  net¬ 
work  did  not  carry  classified  communica¬ 
tions,  it  was  secured  with  encryption, 
because  it  carried  sensitive  information.  “It 
was  about  the  same  level  of  security  that  we 
would  roll  out  on  an  operation, "Angyal  says. 

The  Defense  Department  sponsored  the 
event  and  estimates  that  the  total  cost  to 
the  participants  was  about  $10  million. 

A  significant  component  of  CE  06  is  the 
process  of  documenting  the  testing  that  was 
done.  The  Defense  Department  will  pro¬ 
duce  an  interoperability  guide  published 
on  CD-ROM  that  will  be  distributed  to  all  the 
participants.  The  guide  offers  shortcuts  to 
enable  communications  between  the 
equipment  that  various  militaries  have 
deployed.lt  has  more  than  12,000  technical 
test  results  with  accompanying  technical 
data  configuration  and  information. 

“It’s  like  having  a  copy  of  the  test  before 
you  have  to  take  it,”  Angyal  says.Tor  multi¬ 
national  network  planners,  this  guide  takes 
out  all  the  guesswork.” 

Many  IT  companies,  including  Cisco  and 
Marconi, donated  equipment  for  CE  06  test¬ 
ing,  but  military  staff  ran  the  tests. 

“This  interoperability  guide  that  we  pro¬ 
duce  is  very  pure,”  Angyal  says.  “We  have  a 


high  degree  of  confidence  in  it,  because 
the  soldiers  who  operate  in  the  field  con¬ 
duct  the  testing.  We  don’t  have  people  from 
Cisco  running  the  tests. ...  All  the  soldiers 
that  are  involved  are  IT  specialists.” 

Although  the  focus  of  Combined  En¬ 
deavor  is  on  technical  testing  of  equip¬ 
ment,  the  exercise  lets  the  Defense  De¬ 
partment  improve  interoperability  on  the  IT 
staff  and  policy  levels,  too. 

“We  bring  these  guys  together  to  under¬ 
stand  and  communicate  with  each  other,” 
Angyal  says.  “We  also  test  on  the  technical 
level,  router  to  router  and  switch  to  switch, 
as  well  as  procedural  interoperability  in 
terms  of  how  you  use  IT  and  how  you 
deploy  IT.  Finally  we  test  operational  inter¬ 
operability 

Participants  of  Combined  Endeavor  say 
similar  but  smaller-scale  operational  testing 
could  be  useful  for  network  managers  at 
large  corporations  or  municipalities. 

“If  you’re  General  Motors,  you  might  want 
to  figure  out  the  companies  that  you  want 
to  work  with  and  the  level  of  network 
access  that  you  want  to  provide  them,  then 
you’d  figure  out  some  test  strings  and  bring 
in  an  independent  consultant  to  verify  the 
testing.  Then  you’d  document  your  testing 
and  publish  it  as  a  guide  for  you  and  your 
partners,”  Angyal  says. 

Cisco  says  it  sees  similar  testing  among 
law  enforcement  officials  worldwide. 

“It  makes  sense  from  the  view  of  the 
police  in  Amsterdam  running  interoperabil¬ 
ity  tests  with  the  Dutch  Army  Vermanen 
says  “They  are  testing  this  kind  of  communi¬ 
cations  and  procedures  to  deal  in  the  best 
way  with  disasters  like  Sept.  11.” 

Multinational  companies  that  work  in 
remote  locations  also  could  benefit  from 
interoperability  testing  in  the  field. 


“If  you’re  an  oil  company  getting  into  an 
area  where  there  is  hardly  any  communi¬ 
cations  that  is  good, you  might  want  to  find 
out  up  front  whether  your  communications 
systems  are  going  to  work  . . .  with  the  local 
fire  department, "Vermanen  says. 

Combined  Endeavor  includes  23  nations 
of  NATO,  12  members  of  NATO’s  Partnership 
for  Peace  and  nonaligned  countries,  such 
as  Switzerland  and  Austria. 

Next  for  the  Defense  Department  is  a  sim¬ 
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authorities]  for  authentication.Vendors, 
such  as  CoreStreet,  are  also  involved  in 
supporting  the  bridge. 

So  how  does  all  this  technical  effort  come  to 
serve  business  goals? 

Doctors  in  hospitals  are  often  participat¬ 
ing  in  clinical  trials.  Intellectual  property 
such  as  laboratory  notebooks  and  human 
studies,  have  to  be  signed  by  them  or  oth- 
ers.Today,  documents  receive  wet  signa¬ 
tures  on  paper,  which  is  scanned. The  goal 
is  to  do  this  electronically  with  digitally 
signed  documents,  all  time-stamped. The 
SAFE  authentication  model  means  the 
doctor  doesn’t  have  to  get  a  digital  certifi¬ 
cate  from  each  company  but  just  one 
issued  under  SAFE. 

So  if  one  key  goal  at  SAFE  is  to  get  doctors 
using  SAFE  cross-certified  digital  certificates, 
how  is  that  proceeding? 

The  current  strategy  is  to  have  mem¬ 
bers  invite  doctors  into  this  and  pay  for 
their  certificates.  It  also  requires  a  hard¬ 
ware  device,  too,  to  hold  the  certificate,  a 


ilar  interoperability-testing  event  called 
Africa  Endeavor,  which  will  include  28 
African  nations.  The  U.S.  Pacific  Command 
will  host  its  own  interoperability  event  with 
18  Asian  nations  in  September. 

“It’s  important  to  test  products  in  a  very 
realistic  environment,”  Angyal  says.“It’s  one 
thing  if  the  equipment  works  in  a  lab.  It’s 
another  thing  to  get  it  out  here  and  get  it 
dirty  and  put  in  the  drinking-straw  band¬ 
width  that  we  have  in  the  battlefield.”  ■ 


USB  token  or  smart  card.  We  believe  that 
the  Trusted  Computing  Group’s  Trusted 
Platform  Module  might  also  lend  itself  to 
this  hardware  model. 

Why  does  SAFE  insist  on  hardware-based  cer¬ 
tificates  rather  than  software-based? 

It  was  done  from  the  point  of  view  of 
the  legal  framework  and  policies  that  gov¬ 
ern  use  of  credentials.  In  the  legal  analy¬ 
sis,  it  was  an  issue  of  nonrepudiation  and 
property  protection,  so  that  in  a  court  of 
law  the  digitally  signed  document  would 
still  be  accepted.  With  the  soft  certificates, 
the  question  is,  would  it  hold  up  in  court? 
Someone  could  ghost  my  machine  or 
steal  my  password.  But  the  Food  &  Drug 
Administration  has  said  they’d  consider 
soft  certificates  for  submissions. 

What’s  the  biggest  challenge  in  getting  SAFE 
in  use  today,  if  it's  not  mandatory? 

The  challenge  is  the  cost,  which  can 
range  from  $30  to  $150.  And  we  can’t  make 
the  assumption  the  doctor  alone  reviews 
documents.Todayit’s  a  preference  among 
SAFE  members  to  use  the  SAFE  token  in 
clinical  trials,  but  we  recognize  there  are 
still  going  to  be  wet-signed  documents.  ■ 
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SPECIAL  FOCUS 


DATA  CENTER  NETWORKS 


Sata  center  networks  often  exclude  Ethernet 


Interconnect  options 


When  planning  what  network  technology  to  deploy  in  a  data  center,  two  options 
are  emerging  for  high-speed,  low-latency  server  interconnect  technologies. 


10G  Ethernet 

Description: 

The  fastest  Ethernet  flavor  available;  new  adapters  and  switches  are  coming  to  market 
that  offer  extremely  low  latency  —  in  the  sub-500-nanosec  range. 

Pro: 

Generally  uses  standard  Ethernet  LAN  gear,  cabling  and  PC  interface  cards. 

Cons: 

Latency  issues  still  persist,  which  could  exclude  the  technology  from  the  highest-latency- 
sensitive  applications,  such  as  clusters  and  grids.  Speeds  still  lag  behind  some  other 
interconnect  technologies. 

Infiniband 

Description: 

Semiproprietary  technology  for  interconnecting  servers  and  switches. 

Pros: 

Extremely  low  latency  —  sub-400-nanosec  —  and  high  throughput  rates  of  up  to 
30Gbps  make  it  the  most  robust  interconnect  for  data  centers. 

Cons: 

Requires  expensive,  proprietary  interconnect  gear  on  server  hardware,  and  switching 
gear  that  must  translate  between  Ethernet/IP  and  Infiniband  to  communicate  outside 
a  data  center  or  cluster. 

BY  PHIL  HOCHMUTH 

t’s  not  often  that  Ethernet  is  on  the  out¬ 
side  of  an  emerging  network  technolo¬ 
gy  market.  But  in  linking  some  data 
center  equipment  to  high-speed  pipes, 
Ethernet  sometimes  has  its  nose  pressed  to 
the  glass  door,  looking  in. 

For  data  center  network  managers,  server 
interconnect  technology  falls  into  two  dis¬ 
tinct  camps.  For  most,  Ethernet,  the  world 
standard  for  networked  computers,  is  how 
Windows,  Linux,  Unix  and  mainframes  are 
plugged  in  and  accessed. But  in  the  rarefied 
realm  of  high-performance  data  center 
clustering,  technologies  such  as  Infiniband 
and  some  niche,  proprietary  interconnect 
technologies,  such  as  Myricom’s  Myrinet, 
have  a  strong  hold. 

Over  the  past  several  years,  Infiniband 
switches  have  emerged  as  an  alternative  for 
some  users.  Makers  such  as  Voltaire  and 
Infinicon  came  to  market  with  high-speed 
clustering  switches  that  connect  servers 
with  specialized  host  bus  adapters  (HBA). 
These  systems  can  provide  as  much  as 
30Gbps  of  throughput,  with  latency  as  low 
as  the  sub-200-nanosec  range.  (By  compari¬ 
son,  latency  in  standard  Ethernet  gear  is 
measured  in  milliseconds,  or  one-millionth 
of  a  second,  rather  than  nanoseconds, 
which  are  one-billionth  of  a  second). This 
server-to-switch  technology  was  so  attrac¬ 
tive  that  Cisco  purchased  Infiniband  switch 
start-up  TopSpin  a  little  more  than  a  year 
ago  for  $250  million. 

A  need  for  speed,  and  more 

“Ethernet  is  a  good,  versatile  technology 
that  can  handle  almost  anything,”  says 
Patrick  Guay  vice  president  of  marketing  for 
Voltaire.“But  Ethernet  never  had  to  address 
the  levels  of  [traffic]  efficiency  and  laten¬ 
cy”  required  in  clustered  computer  systems, 
storage  networking  and  high-speed  server 
interconnects,  he  adds. 

“It’s  not  that  there  is  no  place  for  10G 
Ethernet  in  data  centers,”  Guay  says.  “There 
is  just  a  certain  subset  of  customers  who 
need  more  than  what  Ethernet  and  IP  offer!’ 

This  was  the  case  at  Mississippi  State  Uni¬ 
versity’s  Engineering  Research  Center 
(ERC),  which  runs  several  large  Linux  clus¬ 
ters  used  in  engineering  simulations  for 
defense,  medical  and  automotive  industry 
research,  among  other  areas.  The  ERC’s 
Maverick  is  a  384-processor  Linux  cluster 
connected  by  Voltaire  Infiniband  products. 
Voltaire’s  Intros  96-port  Infiniband  switch  is 
used  to  connect  the  diskless  processor 


nodes,  which  access  storage  —  and  even 
operating  system  boot  images  —  over  the 
Infiniband  links. 

This  lets  Roger  Smith,  network  manager  at 
the  ERC,  set  up  cluster  configurations  on 
the  fly;  however,  many  processors  needed 
for  a  task  can  be  called  up  quickly 

Such  a  setup  requires  extremely  low 
latency  as  the  processors  are  pulling  Linux 
operating  system  images  over  the  Infini¬ 
band  links,  instead  of  through  a  local  hard 
drive.  Also,  processes  shared  in  RAM  among 
the  Linux  nodes  all  run  through  the  Voltaire 
switch. 

“Ethernet  was  just  not  ready  for  prime 
time,  to  get  to  the  low-latency  needs  in 
some  data  centers”  over  the  last  few  years, 
says  Steve  Garrison,  marketing  director  for 
ForcelO  Networks, which  makes  high-speed 
Ethernet  data  center  switches. 

The  latency  of  store-and-forward  Ethernet 
technology  is  imperceptible  for  most  LAN 
users  —  in  the  low  100-millisec  range.  But 
in  data  centers,  where  CPUs  may  be  sharing 
data  in  memory  across  different  connected 
machines,  the  smallest  hiccups  can  fail  a 
process  or  botch  data  results. 

“When  you  get  into  application-layer  clus¬ 
tering,  milliseconds  of  latency  can  have  an 
impact  on  performance,”  Garrison  says.This 
forced  many  data  center  network  designers 
to  look  beyond  Ethernet  for  connectivity 
options. 

“The  good  thing  about  Infiniband  is  that  it 
has  gotten  Ethernet  off  its  butt  and  forced 
the  Ethernet  market  to  rethink  itself  and 
make  itself  better]’  Garrison  says. 

Ethernet’s  virtual  twins 

It’s  become  harder  to  tell  standard  Ether¬ 
net  and  high-speed  interconnect  technol¬ 
ogies  apart  when  comparing  such  metrics 
as  data  throughput,  latency  and  fault  toler¬ 
ance,  industry  experts  say  Several  recent 
developments  have  led  to  this.  One  is  the 
emergence  of  10G  Ethernet  in  server 
adapters;  network  interface  card  (NIC)  mak¬ 
ers  such  as  Solarflare,  Neterion  and  Chelsio 
have  cards  that  can  pump  as  much  as  8G  to 
lOGbps  of  data  into  and  out  of  a  box  with 
the  latest  PC1-X  server  bus  technology 

Recent  advancements  in  Ethernet  switch¬ 
ing  components  and  chipsets  have  nar¬ 
rowed  the  gap  between  Ethernet  and 
Infiniband,  with  some  LAN  gear  getting 
latency  down  to  as  little  as  300  nanosec. 
Also,  development  of  Ethernet-based  Re¬ 
mote  Direct  Memory  Access  —  most 
notably  the  iWARP  effort  —  has  developed 


Ethernet  gear  that  can  bypass  network 
stacks  and  bus  hardware  and  push  data 
directly  into  server  memory  Improvements 
in  basic  Gigabit  Ethernet  and  10G  chipsets 
have  also  brought  latency  down  to  the 
microsecond  level  —  nearly  matching 
Infiniband  and  other  proprietary  HBA  inter¬ 
connect  technologies. 

The  type  of  high-performance  computing 
applications  used  at  Mississippi  State  also 
has  been  the  purview  of  specialized  inter¬ 
connects  for  a  long  time.  One  brand  syn¬ 
onymous  with  clustering  —  at  least  in  the 
high-performance  computing  world  —  is 
Myricom.The  company’s  proprietary  fiber 
and  copper  interconnects  have  been  in 
large  supercomputers  for  years,  connecting 
processors  directly  over  the  company’s 
own  protocols.  This  allows  for  around  2 
microsec  of  latency  in  node-to-node  com¬ 
munications,  and  up  to  20Gbps  —  more 
than  16  times  faster  than  10G  Ethernet  —  of 
bandwidth.  But  even  Myricom  says  Ether¬ 
net’s  move  in  the  high-performance  data 
center  is  irrepressible. 

“A  great  majority  of  even  HPC  applica¬ 
tions  are  not  sensitive  to  the  differences  in 
latency  between  Myrinet  connections  on 
one  side  and  Ethernet  on  the  other  side,” 
says  Charles  Seitz,  CEO  of  Myricom.  The 
company  is  in  the  10G  Ethernet  NIC  mar¬ 
ket,  having  released  Fiber-based  adapters, 
which  can  run  both  10G  Ethernet  and 
Myrinet  protocols.  This  evolution  was 
caused  by  customer  demand  for  more 
interoperability  with  the  Myricom  gear. 


“What  do  people  mean  when  they  say  in¬ 
teroperability?  They  mean  its  interoperabil¬ 
ity  with  Ethernet,”  Seitz  says. 

Universal  acceptance 

The  widespread  expertise  in  building  and 
troubleshooting  Ethernet  networks,  and 
universal  interoperability  makes  it  the  bet¬ 
ter  data  center  connectivity  technology  in 
the  long  run,  others  say 

“Ethernet  does  not  require  a  certifica¬ 
tion,”  says  Douglas  Gourlay,  director  of 
product  management  for  Cisco’s  Data 
Center  Business  Unit,  which  includes  prod¬ 
ucts  such  as  the  Fibre  Channel  MDS  stor¬ 
age  switch,  Infiniband  (from  the  TopSpin 
acquisition),  and  Gigabit  and  10G  Ether¬ 
net  products. 

“With  Fibre  Channel,  you  had  multiple 
vendors  building  multiple  products,  so  the 
storage  vendors  took  it  upon  themselves  to 
create  a  certification  standard  for  interop¬ 
erability’  Gourlay  says.  “Now  users  won’t 
deploy  products  that  are  not  certified  by 
that  specification.” 

Gourlay  adds  that  the  industry  is  not  at  the 
point  where  Infiniband  technology,  or  other 
high-performance  computing  interconnect 
gear,  has  a  common  certification  standard, 
or  has  proven  interoperability  among  mul¬ 
tivendor  products. 

“You  can  probably  bet  that  you  can’t 
build  a  network  today  with  one  of  the  nar¬ 
rowly  focused  high-performance  comput¬ 
ing  [networking]  technologies  from  multi¬ 
ple  vendors.”  ■ 
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Learn  why  L»J«Hlnl(™l:™!land  hundreds  of 
other  financial  institutions  chose  , 

the  world's  fastest  growing  PBX  company. 


"ShoreTel's  product  was  not  retrofitted  from  old 
phone  system  technology — it  was  built  from  the 
ground  up  as  an  IP  PBX,  offering  functionality  and 
integration  that  differentiated  ShoreTel  from  its 
competitors.  ShoreTel  has  never  missed  on  a 
promise,  and  the  cost  benefits  to  our  organization 
have  been  significant.  And  adding  new  users  or 
new  locations  is  a  slam-dunk — it's  point,  click,  done." 
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“BY  UTILIZING  SUNGARD  FOR  AN 
ADVANCED  RECOVERY  SOLUTION, 


■  'i-A  *''/•; 


I  WAS  ABLE  TO  GET  MY  COMPANY 


BACK  UP  IN  A  MAHER  OF  HOURS, 


NOT  DAYS.” 


Brian  Finley,  CTO 
PSS/World  Medical  Inc. 


When  it  comes  to  being 
prepared  for  unplanned  IT 
interruptions,  you  need  to 
know  your  systems  are  either  always 
available  or  can  be  quickly  recovered. 
That’s  where  SunGard’s  Information 
Availability  solutions  can  help.  We 
deliver  the  secure  data,  systems, 
networks  and  support  you  require  to 
help  your  business  stay  in  business. 
Because  your  employees,  suppliers 
and  customers  rely  on  you  to  be 
available  every  minute  of  every  day, 
you  need  continuous  access  to 
information  no  matter  what  —  you 
need  Information  Availability. 

For  over  25  years,  businesses  have 
turned  to  SunGard  to  restore  their 
systems  when  something  went  wrong. 
So,  it’s  not  surprising  that  they  now 
turn  to  us  to  give  them  options  to 
make  sure  they  never  go  down  in  the 
first  place.  Plus,  SunGard  offers 
elutions  that  let  you  remain  in  control 
your  IT  environment  and  enjoy  the 
'..exibility  required  to  adjust  to  the 
changing  needs  of  your  business. 


SunGard  has  a  wide  range  of  solutions  to  meet  your  enterprise-wide  requirements.  Here  are  just  a  few  of  those  solutions: 

Server  Replication  solutions  allow  you  to  minimize  data  loss  and  recovery  time  for  your  Microsoft®  Windows®-based 
applications.  If  your  server  is  unavailable,  for  whatever  reason,  you  can  have  a  fast  and  easy  recovery  of  replicated  servers 
located  at  a  SunGard  facility.  When  your  applications,  such  as  databases,  e-mail  and  file  servers,  need  to  be  recovered 
in  less  than  24  hours,  Server  Replication  gives  you  data  center  redundancy  without  the  high  cost  of  building  your  own 
secondary  facility. 

* 

E-Mail  Availability  Service  helps  companies  ensure  that  their  electronic  communications  are  readily  available  across  the 
enterprise  despite  situations  that  impact  the  availability  of  servers,  software,  work  facilities  or  staff.  SunGard’s  E-Mail 
Availability  Service  can  have  you  back  up  and  running  in  less  than  a  minute. 

Hosted  Exchange  Service  can  help  you  to  offload  the  complex  management  of  Microsoft®  Exchange®  servers,  licensing  and 
patch  management.  SunGard  customers  can  also  recognize  a  lower  total  cost  of  ownership*  for  their  e-mail  install  base. 

System  Recovery,  Mobile  Recovery,  Network  Recovery  and  End-User  Recovery  Services  help  you  get  back  up  quickly  when 

disaster  strikes. 

Your  job  is  to  keep  systems  and  applications  running.  Our  mission  is  to  keep 
people  and  information  connected.  Let's  work  together.  To  learn  more,  contact  us 

at  1-800-468-7483  or  go  to  www.availability.sungard.com/masteria  and  get  your 

free  copy  of  the  book  "Mastering  Information  Availability.” 

*The  Radicati  Group.  Radicati  White  Paper  “Microsoft  Exchange  2003  Total  Cost  of  Ownership." 
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Hitachi  boosts  high-end  storage 

TheTagmaStore  Universal  Storage  Platform  gains  iSCSI  support,  better  replication  and  audit  capabilities. 


BY  DENI  CONNOR 

Hitachi  Data  Systems  last  week  said  it  has 
enhanced  its  largest  storage  arrays  with 
software  and  hardware  that  give  the  Tagma- 
Store  Universal  Storage  Platform  (USP)  a 
25%  performance  boost. 

The  company  has  enhanced  the  micro¬ 
code  and  added  optional  4Gbps  Fibre 
Channel  controllers,  iSCSI  connections  and 
new  load-balancing  capabilities  among  the 
processors  to  enable  the  TagmaStore  to 
operate  at  2.5  million  I/Os  per  second. 

TagmaStore,  which  is  available  in  three 
models  —  the  USP  100, 600  and  1100  — 
is  aimed  at  large  enterprises  running 
applications  that  process  online  transac¬ 
tions  or  consolidating  storage  and  server 
resources. 

The  TagmaStore’s  virtualization  capability 
can  manage  as  much  as  32  petabytes  of  ex¬ 
ternal  and  internal  Fibre  Channel,  network- 
attached,  Enterprise  Systems  Connection  or 
Fibre  Connection  storage. 

With  this  release,  the  company  has  added 
iSCSI  support. 

“Customers  can  consolidate  a  large 
number  of  servers  through  the  box,”  says 
David  Floyer,  CTO  for  IT  consultancy 
Barometrix.  “You  can  connect  them  with 
these  virtual  ports  and  reduce  the  cost  of 
the  connection.” 

The  USP  also  features  performance  en¬ 
hancements  to  its  Hitachi  Universal  Repli¬ 
cator  and  Shadowlmage  In-System  Repli- 


Short  Takes 


■  HP  announced  last  week  that  it 
has  upgraded  its  ProLiant  servers 
and  blade  systems  to  include  Intel's 
newest  dual-core  Xeon  5100  and  5000 
series  processors.  HP  says  these 
processors  improve  performance  by 
as  much  as  45%.  The  company  also 
has  added  serial-attached  SCSI  dri¬ 
ves  and  enhanced  network  adapters 
that  support  iSCSI,  Gigabit  Ethernet, 
remote  direct  memory  access  and 
TCP  offload,  as  well  as  increased 
memory  capacity.  The  new  servers 
are  expected  to  be  available  before 
the  end  of  June. 


cation  software,  which  assist  in  safeguard¬ 
ing  data  for  regulatory  compliance  or  dis¬ 
aster  recovery 

The  Universal  Replicator,  long-distance 
replication  software,  now  can  accommo¬ 
date  the  distribution  of  64KB  data  volumes 
across  as  many  as  four  TagmaStore  USPs. 
Previous  TagmaStore  arrays  could  replicate 
data  only  between  two  systems. 

The  software  also  has  a  new  capability 
called  Delta  Resync  for  open  system  and 
mainframe  environments  that  lets  a  cus¬ 
tomer  recover  to  a  local  or  intermediate 
site  when  the  primary  site  has  failed.  The 
new  capability  copies  only  data  differences 
from  the  intermediate  site  to  the  disaster- 
recovery  site  during  the  recovery  process, 
thus  saving  on  the  amount  of  data  replicat¬ 
ed  and  the  time  it  takes. 

The  Shadowlmage  In-System  Replication 
software,  which  allows  data  replication 
within  the  array  itself,  has  been  enhanced 
to  accommodate  more  data  volumes  and 
has  a  performance  increase  of  as  much  as 
300%,  according  to  Hitachi.lt  can  perform 
as  many  as  128  concurrent  operations,  a 
fourfold  increase  over  previous 
TagmaStores. 

“From  a  practical  point  of  view,  the  perfor¬ 


BY  JENNIFER  MEARS 

ClearCube  is  stepping  up  its  focus  on 
tools  to  manage  its  PC  blades,  as  well  as 
those  from  other  vendors,  as  enterprises 
show  growing  interest  in  centralizing  their 
computing  resources. 

Sentral  5.0,  which  ClearCube  introduced 
last  week,  provides  a  single  console  for 
managing  and  monitoring  hundreds  or 
thousands  of  centralized  PCs.The  product 
consolidates  several  of  ClearCube’s  exist¬ 
ing  management  products  and  provides 
new  functionality,  including  the  capability 
to  manage  desktops  running  in  virtual 
machines. 

PC  blades  separate  the  guts  of  a  PC  from 
the  client  device,  putting  the  processing 
power  in  data  centers  or  computer  rooms. 
Proponents  say  the  approach  streamlines 
management  and  heightens  security  by 
putting  hardware  in  a  centralized  location. 

While  ClearCube  created  the  market  in 


mance  enhancement  of  the  replication 
engine  is  the  most  important,”  Floyer  says. 
“What  could  have  been  considered  a  bot¬ 
tleneck  before  is  now  four  times  as  fast.” 

Further,  Hitachi  is  adding  audit  capabili¬ 
ties  to  the  TagmaStore  that  logs  a  history  of 
all  user-access  operations  for  compliance 
purposes  or  for  investigating  the  cause  of 
errors.  Customers  can  export  this  audit  log 
to  a  variety  of  formats. 

Hitachi  says  it  has  shipped  more  than 
3,000  TagmaStores  since  the  product’s  in¬ 
troduction  in  September  2004. 

The  cost  of  the  upgraded  TagmaStore 
starts  at  $600,000.The  Universal  Replicator 
and  Shadow  Image  software  are  expected 
to  be  available  next  month.  There  is  no 
cost  for  the  upgraded  microcode.  The  32- 
port  4Gbps  switch  for  the  TagmaStore 
costs  $100,000. 

TagmaStore  competes  with  IBM’s  Total- 
Storage  DS8000  and  EMC’s  Symmetrix 
DMX-3.  While  Hitachi  has  virtualization 
capability  built  in  to  the  TagmaStore,  IBM 
and  EMC  offer  this  capability  via  separate 
appliances.  Further,  Hitachi  has  a  natural 
distribution  channel  for  its  products  — 
both  HP  and  Sun  offer  rebranded 
TagmaStores. ■ 


2000,  HP  and  IBM  have  introduced  PC 
blade  offerings  in  the  past  year.  Analysts  say 
the  idea  of  PC  blades  is  catching  on,  espe¬ 
cially  as  enterprises  tap  into  virtualization 
to  get  more  out  of  their  IT  resources. 

With  Sentral,  which  replaces  ClearCube’s 
Control  Center  management  suite,  cus¬ 
tomers  can  manage  virtualized  desktops, 
allocating  resources  as  user  needs 
demand,  says  Ttent  Fitz,  software  product 
manager  at  ClearCube. 

“It  can  manage  virtual  machines,  and 
that  means  mapping  users  to  VMs,  stop¬ 
ping  virtual  machines  and  restarting 
them,"  he  says. 

The  software  supports  VMware,  as  well  as 
Microsoft  Virtual  Server. 

Other  features  in  Sentral  include  a  cen¬ 
tralized  dashboard  for  viewing  all  physical 
and  virtual  desktops,  including  utilization 
metrics,  such  as  memory  and  network 
bandwidth;  alerts  for  monitoring  the 


Hitachi  says  its  TagmaStore  USP  can  virtual¬ 
ize  as  much  as  32  petabytes  of  external  or 
internal  storage. 


health  of  physical  machines;  and  the  abil¬ 
ity  to  create  a  custom  view  of  devices, 
grouping  them  by  geographic  region  or 
business  unit,  for  example,  for  monitoring 
and  management. 

In  addition  to  Sentral  5.0,  ClearCube  an¬ 
nounced  updates  to  its  Dynamic  Allo¬ 
cation  Module  and  Switching  Module. The 
Dynamic  Allocation  Module  lets  users 
connect  to  active  sessions  from  any  client 
device,  while  the  Switching  Module  en¬ 
ables  administrators  to  switch  users 
between  blades. 

Sentral  is  in  beta  now  but  will  be  gen¬ 
erally  available  in  June  and  priced  at  just 
less  than  $300  with  both  the  Dynamic 
Allocation  and  Switching  modules,  Fitz 
says.  ■ 
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Short  Takes 


■  Microsoft  has  released  a  near¬ 
final  version  of  its  software  for  build¬ 
ing  e-commerce  sites  and  renamed 
the  product  Commerce  Server 
2007,  from  Commerce  Server  2006. 

In  a  blog  posting  on  the  Microsoft 
Developer  Network  recently,  Micro¬ 
soft  developer  Ryan  Donovan  em¬ 
phasized  that  the  name  change  does 
not  mean  the  software  will  be  late.  A 
focus  of  the  upgrade  is  making  it 
easier  for  customers  to  link  their  e- 
commerce  sites  with  back-end  appli¬ 
cations  from  SAP  and  Oracle.  This  is 
achieved  using  BizTalk  Server  and 
its  various  adapters  for  linking  to 
third-party  applications. 

Another  selling  point  is  an  out-of- 
the-box  starter  site,  which  will 
include  catalog  browsing,  shopping 
cart,  profile  management  and  other 
predesigned  capabilities  for  setting 
up  an  online  store.  It  will  be  available 
as  a  Web  download  when  Commerce 
Server  2007  is  released  to  manufac¬ 
turing,  which  is  scheduled  for  June. 
Other  new  features  include  support 
for  the  service-oriented  architecture 
development  model  and  integration 
with  Microsoft's  ASP.Net  2.0  and 
Visual  Studio  2005.  The  upgrade  also 
will  add  better  reporting  capabilities 
and  new  tools  for  managing  orders 
and  customers  and  support  server 
clustering. 

■  Messaging  security  appliance 
maker  IronPort  earlier  this  month 
announced  an  upgrade  to  its  out¬ 
bound  e-mail  filters  that  help  compa¬ 
nies  stay  compliant  with  regulations 
such  as  the  Health  Insurance  Porta¬ 
bility  and  Accountability  Act  and 
Gramm-Leach-Bliley  Act.  Available 
free  to  customers  of  the  company's 
e-mail  security  appliances,  the 
IronPort  Compliance  Filters  include  a 
preset  collection  of  policies  that  can 
be  deployed  to  help  protect  organiza¬ 
tions  from  unauthorized  dissemina¬ 
tion  of  information  over  e-mail,  offi¬ 
cials  say.  The  filters  use  a  multicate¬ 
gory  pattern-matching  algorithm  to 
find  sensitive  information  in  out¬ 
bound  e-mails  and  act  on  them 
accordingly. 


Windows  gets  network  boost 


BY  JOHN  FONTANA 

SEATTLE  —  Microsoft  last  week  an¬ 
nounced  an  add-on  to  Windows  designed 
to  improve  network  performance  and  seal- 
ability  for  such  tasks  as  storage  and  backup 
when  coupled  with  specialized  hardware. 

The  Windows  Server  2003  Scalable  Net¬ 
working  Pack  (SNP)  is  a  network-accelera¬ 
tion  and  hardware-based  offloading  tech¬ 
nology  that  relieves  the  CPU  of  certain 
tasks  to  improve  performance.  The  en¬ 
hancements,  which  are  being  made  avail¬ 
able  as  a  free  download, are  targeted  at  stor¬ 
age,  backup, Web  hosting, TCP-based  media 
streaming  and  real-time  collaboration. 

Users  will  need  to  purchase  a  specialized 
network  interface  card  (NIC)  to  drive  the 
software  enhancements. 

Microsoft  demonstrated  the  add-on  at 
its  annual  Windows  Hardware  Engineer¬ 
ing  Conference  last  week  during  a  key¬ 
note  address  by  Bob  Muglia,  Microsoft’s 
senior  vice  president  of  the  server  and 
tools  business. 

The  software  and  hardware  combination 
is  designed  to  ease  network  bottlenecks, 
such  as  CPU  overhead  and  memory  band¬ 
width  related  to  network  packet  process¬ 
ing,  and  reduce  the  demands  put  on 
servers  by  today’s  Gigabit  Ethernet  speeds. 

“Overall,  we  are  talking  about  better  per¬ 
formance  and  scalability  for  data-intensive 
workloads,”  says  Ian  Hameroff,  product 
manager  for  Windows  Server  Core  Net¬ 
working. 

Microsoft  hopes  the  improvements  mean 
that  users  won’t  have  to  purchase  addition¬ 
al  servers  for  their  data  centers  or  replace 
existing  hardware  to  boost  their  network 
performance. 

Microsoft  will  offer  the  SNP  software  for 
Windows  Server  2003  (Service  Pack  1  or 
later)  in  the  32-bit  and  64-bit  editions,  and 
in  the  64-bit  edition  of  Windows  XP  Pro. 

Hameroff  said  the  operating  system 
changes  would  not  require  changes  to 
existing  applications,  network  topology, 
server  configurations  or  network-manage¬ 
ment  tools. 

The  SNP  architectural  changes  will  be 
built  into  the  next  versions  of  the  operating 
system,  the  Vista  client,  due  to  ship  in  No¬ 
vember  to  corporate  users,  and  the  Long- 
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horn  Server,  due  in  the  second  half  of  2007. 

Microsoft  partners,  including  Broadcom, 
IBM  and  Dell,  will  supply  NICs  and  pre- 
loaded  hardware  that  support  the  SNP 

Microsoft  has  made  the  SNP  architectural 
changes  at  the  Network  Driver  Interface 
Specification  (NDIS)  layer.  The  purpose  of 
the  NDIS  is  to  define  a  standard  API  for 
NICs.  Microsoft  has  added  three  technolo¬ 
gies  to  the  NDIS  layer  —  TCP  Chimney 
Offload,  Receive-side  Scaling  and  NetDMA. 

The  TCP  Chimney  Offload  provides  state¬ 
ful  offload  of  TCP  traffic  processing  to  net¬ 
work  adapters  that  have  a  TCP  Offload 
Engine  (TOE). The  intent  is  to  reduce  CPU 
overhead  by  passing  tasks  such  as  packet 
segmentation  to  the  adapter, which  can  free 
the  CPU  to  support  more  user  sessions  and 
reduce  latency 

The  Receive-side  Scaling  allows  inbound 
network  traffic  to  be  shared  across  multiple 
CPUs  using  the  new  network  interface 
enhancements.  Microsoft  says  the  feature  is 


a  benefit  to  applications  that  run  on  multi¬ 
processor  machines  and  generate  signifi¬ 
cant  inbound  traffic, such  as  Web  hosting  or 
file  serving. 

The  NetDMA  feature  enables  memory 
management  through  direct  memory 
access  offload  on  servers  with  technology 
such  as  Intel’s  I/O  Acceleration  Technology 

The  three  performance  and  network 
changes  are  just  the  first  that  Microsoft 
plans  to  make  in  the  operating  system. 

With  Longhorn,  Microsoft  will  improve 
the  administrative  control  over  offload  poli¬ 
cies  and  support  offloading  connections 
when  firewalls  and  an  IPSec  policy  are 
used.  Microsoft  also  will  include  offload 
support  for  TCP  connections  that  are  IPSec- 
protected .Vista  also  will  include  support  for 
IPv6  and  NDIS  6.0  APIs  that  allow  multi¬ 
packet  processing  on  all  data  ports. 

More  information  on  the  Windows  Server 
2003  Scalable  Networking  Pack  can  be 
found  at  www.microsoft.com/snp.B 


Colligo  builds  offline 
client  for  SharePoint 


BY  JOHN  FONTANA 

Collaboration  vendor  Colligo  last  week 
released  two  clients  for  Microsoft  Share- 
Point.  One  gives  users  the  ability  to  take 
SharePoint  content  offline,  including  a 
wide  array  of  metadata  and  information 
stored  in  lists.  Users  can  then  replicate 
changes  made  offline  when  reconnected 
to  the  network. 

The  second,  Reader  for  SharePoint,  is  a 
read-only  client  that  is  available  for  free 


Taking  SharePoint  offline 

Colligo  is  introducing  two  clients  that  let  users  take  offline  files,  documents  and 
forms  stored  in  Microsoft's  SharePoint  Portal  Server  and  the  forthcoming 
replacement,  SharePoint  Server  2007,  which  will  shio  with  Office  2007. 


Client 

Description 

Features 

Reader 

Geared  for  intranet  site  users. 

Provides  read-only  access  much  like  Adobe  Reader. 

Contributor 

Targeted  at  project  teams  including 
sales,  consulting,  legal,  engineering, 

IT  and  marketing. 

Offline  access  to  such  features  as  document 
libraries,  metadata  on  business  processes,  forms, 
contacts  and  lists. 

and  is  intended  for  use  with  read-only 
intranet  sites  built  on  SharePoint. 

Microsoft  offers  two  offline  clients  for  its 
collaboration  server  SharePoint  —  Out¬ 
look  and  Groove  —  but  Outlook  offers 
only  offline  access  to  a  limited  amount  of 
SharePoint  data.  The  Groove  option  re¬ 
quires  deployment  of  that  client  and  its 
back-end  infrastructure,  and  focuses  on 
bringing  documents  into  the  Groove 
See  Colligo,  page  28 
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The  future  library:  A  50-petabyte  iPod? 


NET  INSIDER 

Scott  Bradner 


I  started  playing  with  digitized 
literature  almost  25  years  ago.  A 
lot  has  changed  in  the  digital 
books  biz  since  then. 

Some  of  the  history,  current  sta¬ 
tus,  future  possibilities  and  clash¬ 
ing  business  models  in  this  area 
were  recently  explored  in  a  cover 
“manifesto”  in  The  New  York  Times 
Magazine  by  Wired  writer  Kevin 
Kelly  Spoiler:  It  will  all  come  out 
fine  in  the  end,  but  the  length  of 
time  you  will  have  to  wait 
depends  on  when  Congress  stops 
moving  the  copyright  goal  posts. 

In  the  summer  of  1982  a  classics 
graduate  student  working  in  the 


computer  lab  I  ran  in  the  Harvard 
psychology  department  got  a 
copy  of  the  Thesaurus  Linguae 
Graecae.a  large  batch  of  classical 
Greek  literature  that  had  been 
typed  into  computers  someplace 
outside  the  United  States,  with  HP 
co-founder  David  Packard  paying 
the  bill.  I, along  with  people  in  the 
Harvard  Classics  and  English 
departments,  convinced  the  uni¬ 
versity  administration  to  pay  for  a 
huge  —  at  the  time  —  300MB 
disk  drive  to  store  this  text  as  well 
as  a  collection  of  Middle  English 
literature. 

Over  the  next  few  years  the 
graduate  student,  Greg  Crane, 
now  a  professor  at  Tufts  Univer¬ 
sity,  put  together  the  first  version 
of  what  became  the  Perseus 
Project.  This  is  a  Weblike  mixture 
of  text  and  clickable  links  to 
other  material,  done  many  years 
before  the  Web  and  search 
engines  showed  up. 


This  well-indexed  online  text 
changed  what  sort  of  things 
would  be  reasonable  Ph.D.  dis¬ 
sertation  topics.  Before  Crane’s 
work,  a  student  could  arrive  at  a 
topic  after  years  of  index-card- 
based  investigations  of  how  spe¬ 
cific  words  were  used  in  classical 
Greek;  after  Cranes  effort,  that 
became  a  weekend  task. 

Kelly’s  Times  Magazine  story 
(www.nwdocfinder.com/3637) 
explores  what  happens  in  a 
future  where  you  might  have 
petabytes  of  digital  material 
being  attacked  by  cutting-edge 
search  engines.  Kelly  estimates 
that  a  50-petabyte  disk  farm 
could  hold  all  the  32  million 
books,  750  million  stories  and 
essays,  25  million  songs,  500  mil¬ 
lion  images,  500,000  movies,  TV 
shows  and  short  films  and  100 
billion  public  Web  pages. 

Quite  a  bit  of  the  material  is 
already  digitized,  including  as 


new  books,  DVD  movies  and  CD 
music.  The  story  describes  multi¬ 
ple  projects  under  way  to  try  to 
catch  up  with  digitizing  older 
books  and  discusses  the  legal 
and  access  issues  caused  by 
Congress’  continual  extension  of 
the  copyright  period. 

A  few  years  ago  in  a  column  I 
quoted  a  student  who  told  me 
“if  it  is  not  on  the  Web,  then  it 
does  not  exist”  (www.nwdoc 
finder.com/3638).  The  same 
point  was  reinforced  last  week 
when  I  suggested  that  a  gradu¬ 
ate  student  see  whether  he 
could  find  some  information  on 
a  particular  topic  in  the  library 
that  was  one  floor  down  from 
my  office,  and  he  admitted  to 
being  in  the  library  only  once  or 
twice  —  and  had  not  looked 
anything  up. 

Kelly  paints  a  picture  in  which 
physical  libraries  might  not  be 
needed,  other  than  for  books 


published  by  companies  whose 
lawyers  are  not  ready  to  embrace 
a  searchable  digital  world.  In 
Kelly’s  future,  world  books  are  no 
longer  individual  items  but  are 
parts  of  a  vast  relational  database 
on  steroids  where  your  biggest 
problem  will  be  figuring  out  how 
to  ask  the  question  you  want 
answered.  And  to  figure  out  what 
is  left  that  could  be  a  good  dis¬ 
sertation  topic.  All  in  all,  a  very 
good  read. 

Disclaimer:  If  physical  libraries 
fade  away,  Harvard  is  going  to 
wind  up  with  a  lot  of  prime  real 
estate  that  will  be  bitterly  fought 
over,  but  I  did  not  ask  the  view  of 
the  university  library  folk  about 
The  New  York  Times  story,  so  the 
above  is  my  own  review. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco 


Colligo 

continued  from  page  27 
Workspace  interface. 

Colligo  also  competes  with  a  similar  product  from  Digi-Link. 

“This  has  been  the  Holy  Grail  for  SharePoint  users,  because  remote 
and  mobile  workers  were  not  able  to  take  work  offline,”  says  David 
Smith,  an  analyst  with  Gartner.  He  says,  however,  Colligo  will  face  some 
competition  with  Groove,  which  Microsoft  is  marrying  to  its  collabora¬ 
tion  infrastructure  around  Office  and  SharePoint. 

“Users  will  have  to  think  about  their  SharePoint  strategy  when  picking 
a  client,”  Smith  says. 

Colligo’s  Contributor  client  allows  users  to  capture  all  SharePoint 
data  and  take  it  offline  by  clicking  a  synchronization  button  in  the 
client,  which  brings  down  all  data  or  only  preselected  files.  Colligo’s 
software  installs  on  Windows  XP  desktops  and  is  designed  to  mimic 
the  Outlook  interface  used  for  online  SharePoint  connections.  Files 
are  stored  locally  in  a  small  encrypted  database.  Contributor  supports 
all  versions  of  Windows  SharePoint  Services  and  SharePoint  Portal 
Server,  and  it  does  not  require  software  to  be  installed  on  the  server. 

Users  also  can  drag-and-drop  SharePoint  files  into  the  Colligo  envi¬ 
ronment.  Contributor,  which  is  built  on  the  .Net  framework,  is  targeted 
at  SharePoint  collaboration  sites. 

When  Contributor  replicates  data  from  SharePbint  it  preserves  docu¬ 
ment  libraries,  custom  lists  and  views.  Users  are  then  able  to  edit  the 
content  offline.  Contributor’s  synchronization  capabilities  include  a 
conflict-resolution  feature  in  case  offline  changes  clash  with  changes 
made  online  by  another  user. 

Microsoft’s  Office  2007,  when  it  ships  later  this  year,  will  support  two- 
way  synchronization  of  events, contacts,  tasks  and  documents  between 
SharePoint  and  Outlook,  but  it  does  not  support  other  information  avail¬ 
able  when  users  are  online,  including  views,  custom  lists,  issues  and 
such  metadata  as  author  and  review  cycle  status. 

The  new  version  of  Office  includes  a  Groove  Server  and  client 

nhancements  for  SharePoint,  including  the  new  SharePoint  Files  Tool 
that  lets  you  bring  document  libraries  or  a  folder  from  a  library  into 
Groove.The  enhancements  include  tools  for  discussion,  files,  meetings, 
calendar,  forms,  InfoPath  forms,  issue  tracking,  Notepad,  pictures  and 
Sketchpad.  Colligo’s  Contributor  is  priced  at  $99  per  seat.  ■ 


ProactiveNet  enhances  net, 
app  management  software 


Company  adds  user 
monitoring,  business 
service  console  and  SLA 
management  features. 

BY  DENISE  DUBIE 

ProactiveNet  last  week  announced  an  updated 
version  of  its  flagship  software  that  the  vendor  says 
can  help  customers  better  relate  IT  performance  to 
specific  business  processes  and  track  application 
performance. 

The  software,  ProactiveNet  7.0,  includes  a 
Business  Services  Management  console  that  lets 
customers  view  the  relationships  among  applica¬ 
tions,  such  network  components  as  routers,  servers 
and  databases,  and  user  machines,  the  company 
says.  With  this  view,  customers  can  determine  more 
quickly  the  cause  of  a  problem  and  minimize  the 
effect  on  users. 

The  company  also  reworked  the  console  to  have 
configurable  service-manager  and  operations-man- 
ager  interfaces.  For  example,  the  former  might  re¬ 
port  on  a  process,  such  as  order  entry  slowing 
down,  while  the  latter  would  report  on  the  servers 
and  network  devices  most  likely 
associated  with  the  degradation. 

“ProactiveNet  does  not  monitor 
for  performance  in  the  way  the  tra¬ 
ditional  management  vendors  do,” 
says  Jean-Pierre  Garbani,  a  re¬ 


search  director  at  Forrester  Research.  He  explains 
the  company  can  pinpoint  application-performance 
problems  by  taking  a  vertical  view  of  the  application 
from  the  user  machine  to  back-end  systems. 

While  ProactiveNet  competes  with  BMC  Software, 
CA,HPIBM  and  Mercury  Interactive,  traditional  man¬ 
agement  systems  can  take  a  more  all-encompassing 
view  of  network  elements,  but  they  may  not  as  rapid¬ 
ly  report  the  performance  probjem  or  pinpoint  its 
exact  source,  he  says.  “With  its  approach,  Proact¬ 
iveNet  does  a  lot  of  the  correlation  for  the  IT  man¬ 
agers  to  determine  how  an  event  on  a  server 
impacts,  say  the  end  user’’ 

ProactiveNet  7.0  uses  statistical  analysis  to  deter¬ 
mine  the  normal  operating  behavior  of  networks, 
applications  and  servers,  and  alerts  network  man¬ 
agers  when  abnormal  patterns  have  occurred.  This 
information  can  help  users  prevent  a  problem 
before  it  slows  network,  application  and  Web  site  per¬ 
formance,  the  company  says. 

ProactiveNet  comprises  several  components:  col¬ 
lectors  that  span  the  entire  application-delivery  path, 
a  centralized  repository  and  a  polling  architecture. 
The  software  installs  on  a  dedicated  server  and  com¬ 
municates  with  existing  third-party  software  agents 
distributed  throughout  the  infrastructure.  Proactive- 
Net  also  offers  its  own  agents  to  be 
installed  if  there  are  no  agents  on 
the  servers  to  be  monitored.  The 
agents  process  no  data  and  sit  dor¬ 
mant  until  ProactiveNet  software 
requests  performance  data.B 
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SERVICE  PROVIDERS 

THE  INTERNET  VPNS  INTEREXCHANGES  AND  LOCAL  CARRIERS  WIRELESS  REGULATORY  AFFAIRS  S£  CARRIER  INFRASTRUCTURE 


Telco  bashing:  It’s  just  their  turn 


Some  days  it  seems  everything’s  conspir¬ 
ing  against  the  big  telecommunications 
providers  —  even  themselves. 

Last  week  I  mentioned  the  potentially 
illegal  handover  of  confidential  customer 
data  to  the  National  Security  Agency  of 
which  BellSouth,  AT&T  and  Verizon  have 
been  accused.  All  three  carriers  say 
they’ve  done  nothing  wrong  —  but  there’s 
a  caveat:  A  presidential  memorandum 
dated  May  5  allows  the  director  of 
national  intelligence,  John  Negroponte,  to 
authorize  companies  to  conceal  activities 
related  to  national  security  —  giving  the 
telcos  full  deniability. 

This  issue  is  likely  to  get  messier  before  it’s 
resolved.  Several  folks  have  filed  lawsuits 
against  the  telcos,  including  a  couple  of 
lawyers  in  New  Jersey  who’ve  filed  class- 
action  suits  worth  as  much  as  $200  billion 
against  Verizon  and  AT&T. That’s  in  addition 
to  the  lawsuit  filed  by  the  Electronic 
Frontier  Foundation  against  AT&T. 

Customers  and  their  lawyers  aren’t  the 
only  folks  who  hate  the  telcos.  Regulators 
aren’t  fond  of  them,  either.  Consider  the 
slew  of  regulations  that  target  only  pro¬ 
viders  that  operate  infrastructure.  A  couple 
of  examples: 

•  The  Communications  Assistance  for 


Short  Takes 


■  Verizon  Business  last  week 
launched  a  suite  of  services  designed 
to  enhance  performance  of  applica¬ 
tions  on  Web  sites.  The  new  managed 
offerings,  called  Application 
Acceleration  Services,  accelerate 
the  delivery  of  enterprise  and  e-com¬ 
merce  software  applications,  such  as 
e-mail  and  online  shopping  carts.  The 
services  also  can  accommodate  addi¬ 
tional  application  traffic  without  in¬ 
creasing  bandwidth  or  data  center 
resources,  and  require  no  changes  to 
the  customer's  application  or  infra¬ 
structure,  Verizon  Business  says. 
Pricing  starts  at  $6,650  per  month. 


Law  Enforcement  Act  (CALEA),  which  asks 
“facilities-based”  providers  to  install  wire¬ 
tapping  gear  at  their  own  expense  in  their 
networks. Vonage  and  Skype  are,  of  course, 
exempt  from  CALEA  requirements,  on  the 
grounds  that  they  don’t  operate  facilities. 

•  The  Universal  Services  Fraud/Fund 
(USF).  Remember  “Bailouts  for  Billion¬ 
aires?”  (www.nwdocfinder.com/364  l).The 
Universal  Services  Fund,  which  provides 
needy  mobsters  and  billionaires  with 
broadband  access,  collects  some  $14  bil¬ 
lion  from  facilities-based  telcos  —  once 
again,  the  Vonages  and  the  Skypes  need  not 
contribute. 

•  The  FCC  seems  bent  on  piling  on  the 
taxes,  regulations  and  constraints  on  com¬ 
panies  that  purchase  and  operate  switches 
—  while  protecting  software-only  VoIP 
providers,  which,  let’s  not  forget,  require 


BY  DENISE  PAPPALARDO 

AT&T  is  rolling  out  a  fully  managed  ser¬ 
vice  that  supports  RFID  from  end  to  end  by 
joining  a  handful  of  vendors. 

The  company  says  it  is  working  closely 
with  Intel,  BEA  Systems  and  Symbol  Tech¬ 
nologies  to  deliver  parts  of  its  new  RFID  ser¬ 
vice,  which  was  introduced  last  September. 

There  are  five  elements  to  the  service, says 
Ebrahim  Keshavarz,  vice  president  of  new 
services  deployment  at  the  carrier: 

•  Professional  services  analysis  of  busi¬ 
ness  processes,  ROI  and  design. 

•  Client  premises  management,  including 
routers,  wired  and  wireless  LANs,  and  read¬ 
er  edge  software  management. 

•  Standard  AT&T  data  transport  service 
options,  including  VPN  and  Internet  access. 

•  Hosted  electronic  product  code  (EPC) 
global  database. 

•  A  Warehouse  Management  System, 
through  AT&T’s  subsidiary  Sterling 
Commerce,  used  to  track  RFID  delivery 
locations. 

The  carrier  is  supporting  all  elements  ex¬ 
cept  management  of  the  RFID  reader  edge 
software  and  the  hosted  EPC  Global  Data¬ 
base.  These  will  be  deployed  when  testing 
concludes,  Keshavarz  says.  The  EPC  global 
database  is  the  industry-standard  approach 
to  hosting  RFID  data  for  customers,  he  says. 

The  carrier  is  trying  to  put  together  a  best- 


those  same  “facilities”  to  offer  their  services. 

The  message?  For  God’s  sake,  don’t  own 
facilities  if  you  can  possibly  help  it.  Don’t 
make  money  or  you’ll  get  sued.  And  never, 
ever  cooperate  with  the  government  —  at 
least  if  you’re  a  telco.  (Yahoo  and  AOL  say 
they  comply  with  government  requests  to 
turn  over  data  —  no  class-action  lawsuits 
against  them, so  far.) 

Am  I  defending  the  telcos?  Hardly  As  I’ve 
noted,  if  they’ve  been  breaking  the  law,  they 
have  only  themselves  to  blame.  And  they 
do  have  a  habit  of  acting  like  arrogant  Big 
Brothers. 

But  there’s  something  bigger  afoot  here. 
Every  generation  or  so,  there’s  a  slew  of 
new,  hip,  nice-guy  players  that  are  up 
against  the  entrenched,  Big  Brotherish 
companies.  The  new  guys  (in  this  case 
companies  such  as  Vonage,  Yahoo,  AOL 


AT&T’s  RFID  partners 

Here  is  what  each  brings 
to  the  table: 

Intel 

Professional  services  and  network 
processor  technology 

BEA  Systems 

BEA  WebLogic  RFID  Edge  Server, 
Enterprise  Server  and  Portal  software 

Symbol  Technologies 

Mobile  and  fixed  RFID  readers 


of-breed  RFID  environment  for  customers 
from  readers  to  databases  stored  at  AT&T 
managed  data  centers,  Keshavarz  says. 
“We’re  not  getting  into  the  business  of  man¬ 
ufacturing  tags  or  readers,  but  providing  an 
integrated  managed  service  to  our  world¬ 
wide  network.” 

One  industry  analyst  sees  promise  in  the 
service. 

“One  of  the  big  problems  with  RFID  to 
date  is  the  lack  of  integration  among  the 
vendors  and  carriers  required  to  leverage 
the  technology  to  its  fullest  extent,”  says 
Robin  Gareiss,  executive  vice  president  and 
senior  founding  partner  at  Nemertes  Re- 


and  Google)  can  do  no  evil,  and  the  en¬ 
trenched  players  can  do  no  good. 

Remember  how  the  public  felt  about  IBM 
in  the  70s  and  ’80s  during  the  14-year  anti¬ 
trust  lawsuit?  Ironically  by  the  time  the  suit 
concluded,  IBM  had  started  on  its  long, 
slow,  decline  in  the  face  of  disruptive  tech¬ 
nologies  such  as  the  PC  and  later,  the  In¬ 
ternet.  (Telcos:  Take  heed!)  Only  Lou 
Gerstner’s  visionary  leadership  reversed 
that  slide,  by  transforming  IBM  into  a  fun¬ 
damentally  different  company 

And  here’s  the  ultimate  irony:  The  new- 
age,  nice-guy  player  that  was  boldly  going 
toe-to-toe  with  IBM  back  then?  Microsoft. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


search.  “What’s  good  about  AT&T’s  move  is 
that  it’s  taking  a  leadership  position  with 
RFID  by  pulling  together  the  pieces  re¬ 
quired  to  make  the  technology  successful.” 

AT&T  is  partnering  with  Intel  on  two 
fronts.  Intel’s  Solution  Services  is  working 
hand  in  hand  with  AT&T’s  professional  ser¬ 
vices  group  to  provide  RFID  network 
assessment  and  deployment  architecture 
to  customers.  Tire  companies  are  co-devel- 
oping  repeatable  architectures  for  RFID 
device  management  and  administration. 

The  architecture  work  stems  from 
Intel’s  developments  in  network  proces¬ 
sor  technologies. 

AT&T  uses  BEA  software  in  its  fully  man¬ 
aged  service,  including  the  vendor’s  Web- 
Logic  RFID  Edge  Server,  Enterprise  Server 
and  Fbrtal.These  products  manage  readers, 
filter  and  coordinate  with  operational  pro¬ 
cesses,  deliver  RFID  information  and  pro¬ 
vide  a  platform  for  viewing  this  data.  And 
AT&T  is  using  mobile  and  fixed  RFID  read¬ 
ers  from  Symbol  to  support  the  service. 

The  carrier  says  it  is  also  working  with 
standards  bodies,  including  the  IETF  and 
EPCGlobal  (www.nwdocfinder.com/3640), 
to  improve  the  manageability  of  RFID  net¬ 
works  and  devices. 

AT&T  says  it  has  been  operating  an  RFID 
service  trial  with  two  customers  since  late 
last  year.  ■ 


AT&T  offering  managed  RFID  service 


Wireless^ 

The  Speed  of  Life 

Internet.  Voice.  Entertainment  -  All  at  Once.  Anywhere. 


WRT300N  Wireless-N  Broadband  Router 


Life  moves  fast.  You  have  to  multitask  every  day.  Now 
there's  a  wireless  network  that  can  keep  up  with  the 
speed  of  life.  A  Wireless-N  network  from  Linksys  lets  you 
surf  the  web,  enjoy  high  definition  video,  listen  to  digital 
music,  and  make  Internet  phone  calls  -  all  at  the  same 
time  anywhere  throughout  the  home  or  office. 

•  Up  to  4X  the  range  for  whole-home  coverage  that  virtually 
eliminates  dead  spots. 

•  Up  to  1 2X  the  speed  of  the  older  Wireless-G  standard. 

•  Compatible  with  existing  Wireless-G  and  -B  products. 

•  Easy  to  install  and  easy  to  use.  Set  it  and  forget  it. 


Linksys.  Nobody  makes  networking  easier! 

For  more  information  on  the  new  Linksys 
Wireless-N  products,  visit  www.Linksys.com, 
or  call  1-800-737-7201. 
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Telework  tax-relief  plan  gathers 


steam 


A  vote  for  telework 


What  it  is: 

The  Telecommuter  Tax  Fairness  Act 

What  it  says: 

The  proposed  bill  would  prohibit  any  state  from  taxing  nonresidents  on  income  they  earn 
when  they  are  working  outside  the  state. 

Key  supporters: 

Senators  Chris  Dodd  (D-Conn.)  and  Joe  Lieberman  (D-Conn.):  Representatives  Chris 
Shays  (R-Conn.),  Tom  Davis  (R-Va.),  Rosa  DeLauro  (D-Conn.)  and  Frank  Wolf  (R-Va.). 

Timeline: 

First  proposed  September  2004,  resubmitted  May  2005. 

Why  now: 

Federal  agencies  are  pushing  for  the  public  and  private  sectors  to  use  telework  to  offset 
high  gas  prices,  alleviate  traffic  congestion,  and  play  a  role  in  business  continuity  and 
disaster  recovery  plans. 

BY  ANN  BEDNARZ 

Backers  of  a  proposed  bill  to  protect  tele¬ 
workers  from  onerous  state  tax  rules  hope 
this  could  be  the  year  the  legislation  sticks. 

If  passed,  the  Telecommuter  Tax  Fairness 
Act  would  prevent  states  from  taxing  in¬ 
come  that  nonresidents  who  telecommute 
to  in-state  employers  earn  while  working 
from  home. 

The  legislation  is  aimed  in  particular  at 
New  York,  which  is  legendary  for  its  stance 
on  nonresident  teleworkers.  It  requires 
those  who  sometimes  work  in  the  office  of 
their  New  York  employers  to  pay  state  taxes 
—  not  only  on  the  income  they  earn  while 
physically  in  New  York  but  also  on  the  in¬ 
come  they  earn  at  home.  This  often  results 
in  a  double  tax  when  the  telecommuter’s 
home  state  expects  tax  on  the  income  the 
telecommuter  earns  at  home. 

The  issue  affects  not  only  employees  but 
also  employers.  Businesses  can  wind  up 
having  to  deal  with  some  sticky  withhold¬ 
ing  requirements  if  employees  are  subject 
to  double  state  taxation.  Plus  the  risk  of 
double  taxes  for  employees  may  limit  em¬ 
ployers’  ability  to  recruit  nonresidents,  says 
Nicole  Belson  Goluboff,  a  lawyer  from 
Scarsdale,N.Y,who  specializes  in  telework- 


BY  GRANT  GROSS,  IDG  NEWS  SERVICE 

Parts  of  the  U.S.  government  could  shut 
down  during  a  much-feared  outbreak  of 
avian  influenza  unless  the  government  de¬ 
velops  better  telecommuting  plans,  two  IT 
leaders  told  lawmakers  recently. 

Paul  Kurtz,  executive  director  of  the  Cyber 
Security  Industry  Alliance,  and  Scott  Kriens, 
chairman  and  CEO  of  Juniper,  told  the  U.S. 
House  of  Representatives  Government  Re¬ 
form  Committee  that  government  agencies 
lack  plans  for  long-term  telecommuting. 

Even  as  world  health  officials  worry  that 
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related  issues. 

New  York  isn’t  the  only  state  with  a  so- 
called  convenience  rule,  but  it’s  the  most 
aggressive  enforcer. “Convenience”  refers  to 
nonresident  employees  choosing  to  work 
from  home  because  it’s  convenient  for 
them  rather  than  a  necessity  Unless  a  tele¬ 
commuter  can  persuade  tax  authorities 
that  his  work  cannot  be  done  in  a  New  York 
office,  the  state  isn’t  going  to  forfeit  taxes. 

New  York  recently  revised  its  conve¬ 
nience  rule,  but  nonresident  employees  still 
are  required  to  prove  necessity  to  avoid  tax¬ 
ation  on  income  earned  working  from 
home,  Goluboff  says.  “Telework  involves 
work  that  at  its  core  is  portable  —  you  used 
to  do  it  in  the  office,  but  now  you  don’t  have 
to.  Very  few  telecommuters  are  going  to  be 
able  to  satisfy  that  standard.” 

A  computer  programmer  living  in  Nash¬ 
ville  challenged  New  York’s  tax  policy  last 
year  in  a  case  that  turned  a  spotlight  on  the 
double-tax  issue.  Thomas  Huckaby  spent 
75%  of  his  time  working  from  home  for  a 
New  York  employer  and  25%  at  the  employ¬ 
er’s  offices.  Huckaby  paid  taxes  to  each 
state  proportionate  to  the  amount  of  in¬ 
come  earned  in  each.  But  New  York  de¬ 
manded  taxes  on  100%  of  his  income. 


the  ever-spreading  avian  flu  could  mutate 
and  begin  being  transferred  from  human 
to  human,  most  federal  agencies’  telecom¬ 
muting  plans  assume  employees  will  be 
out  of  work  for  two  or  three  days,  Kurtz 
said.  Strains  of  deadly  avian  flu,  often 
called  bird  flu,  have  been  reported  in 
flocks  of  domesticated  and  wild  birds  in 
Asia,  the  Middle  East  and  Eastern  Europe 
since  2003.  Despite  fears  that  the  viruses 
could  spread  among  humans,  there  have 
been  reports  of  only  about  200  people 
contracting  bird  flu  since  1997,  and  most 
of  those  people  had  direct  contact  with 
infected  poultry,  according  to  the  U.S. 
Centers  for  Disease  Control  and 
Prevention. 

Although  Congress  in  2000  passed  a  law 
requiring  agencies  to  offer  telework 
options, agencies  are  required  to  return  any 
cost  savings  achieved  through  teleworking 
back  to  the  federal  budget,  Kurtz  said. 

“There’s  really  no  incentive  at  the  most 


He  fought  the  issue  in  a  case  that  ascend¬ 
ed  to  the  highest  court.  But  in  a  setback  for 
telework  advocates,  the  Supreme  Court  in 
October  declined  to  hear  the  case. 

The  court’s  decision  not  to  address  the 
issue  “effectively  authorized  New  York  to 
continue  to  subject  nonresident  telecom¬ 
muters  to  a  double-tax  penalty  Goluboff 
says.  It  also  opened  the  door  to  other  states 
that  don’t  have  —  or  aren’t  enforcing  —  a 
convenience  rule  to  likewise  start  pursuing 
their  own  nonresident  income  tax. 

“It’s  rather  attractive  to  be  able  to  collect 
tax  revenues  from  nonvoting  nonresidents,” 


senior  level  of  agencies  to  invest  in  tele¬ 
work,”  he  said. 

The  committee  hearing  came  on  the 
heels  of  a  U.S.  Government  Accountability 
Office  (GAO)  report  that  said  many  U.S. 
agencies  haven’t  developed  emergency 
teleworking  plans. 

While  federal  agencies  have  increased 
use  of  teleworking  in  the  past  two  years, 
only  nine  of  23  agencies  the  GAO  surveyed 
reported  they  had  plans  in  place  for  essen¬ 
tial  workers  to  telecommute,  GAO  said. 

“Business  managers  realize  that  telework 
is  a  way  to  get  optimal  performance  from 
their  workers,  allowing  employees  to  get 
work  done  from  home  or  the  road,”  Kriens 
said  in  written  testimony.  “I  find  it  ironic 
that  many  government  managers  report¬ 
edly  equate  telework  with  reduced  em¬ 
ployee  work  hours  and  lower  productivity, 
believing  in  the  outdated  management 
philosophy  that  ‘if  I  can’t  see  you,  1  can’t 
manage  you.’  ”  ■ 


she  says.“The  Supreme  Court’s  silence  really 
dealt  a  very  serious  blow  to  the  movement 
to  expand  the  use  of  telework.” 

With  the  proposed  Telecommuter  Tax 
Fairness  Act,  telework  advocates  hope  to 
undo  some  of  the  damage.The  bill  was  first 
introduced  in  September  2004,  but  it  failed 
to  grab  attention.  It  was  reintroduced  in 
May  2005  —  this  time  with  greater  visibility 

Among  the  legislators  who  have  joined 
the  effort  to  get  the  bill  passed  is  Rep.  Frank 
Wolf  (R-Va.),who  is  known  for  his  efforts  to 
require  key  federal  agencies  to  certify  that 
telecommuting  opportunities  are  made 
available  to  eligible  workers  —  or  risk  los¬ 
ing  millions  of  dollars  in  funding. 

Not  only  does  the  legislation  have 
strong  backers  but  also  it  comes  at  a  time 
when  government  is  strongly  encourag¬ 
ing  telework. 

In  a  September  memo,  the  U.S.  Office  of 
Personnel  Management  encouraged  fed¬ 
eral  agencies  to  more  aggressively  promote 
fuel-consuming  options,  such  as  telework¬ 
ing.  Government  executives  also  are  cham¬ 
pioning  telework  as  an  essential  tool  for 
businesses  in  the  event  of  a  flu  pandemic 
(see  related  story). 

But  there  could  be  a  high  price  attached 
to  this  emergency  management  strategy 
unless  the  Telecommuter  Tax  Fairness  Act 
gets  passed,  Goluboff  says. 

“How  can  we  let  this  very  significant 
financial  penalty  sit  there  for  doing  precise¬ 
ly  what  the  government  and  our  employers 
are  telling  us  to  do?”  she  says. “This  is  abso¬ 
lutely  the  wrong  time  for  there  to  be  an  im¬ 
pediment  to  such  a  critical  tool,  both  for 
federal  government  and  the  private  sector” 

With  all  the  attention  being  paid  to  tele¬ 
work  programs,  Goluboff  says  she  hopes 
Congress  will  pass  the  act  in  the  current  ses¬ 
sion.  A  vote  has  not  yet  been  scheduled.  ■ 


Commuting  to  slow  bird  flu  pains? 
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Vendor  Solutions  for  Your  IT  Challenges 

COMPANY:  Allot  Communications 

OVERVIEW:  Broadband  Internet  service  providers 
can  increase  average  revenue  per  user  (ARPU)  by  offering 
tiered  pricing  models  and  triple-play  data,  voice,  and  video 
services.  Making  the  business-process  changes  required 
to  deploy  these  revenue-generating  services  requires  the 
deep  network  visibility  and  automated  policy  enforcement 
found  in  traffic  management  systems. 

CHALLENGE:  Network  operators  are  struggling 
to  differentiate  themselves  with  new  services  and 
advanced  billing  plans  as  the  price  of  best-effort  broad¬ 
band  Internet  transport  plunges  toward  commodity 
levels.  However,  to  do  so,  they  need  a  way  to  monitor 
subscriber  usage  patterns  and  enforce  bandwidth- 
allocation  polices. These  capabilities  require  something 
beyond  the  best-effort  transport  mechanisms  inherent 
in  broadband  IP  network  systems. 

SOLUTION:  Intelligently  controlling  network  behavior 
using  deep-packet  inspection  (DPI)  traffic  management 
systems  such  as  the  Allot  Communications  NetEnforcer® 
makes  differentiated  service  plans  and  service-level  agree¬ 
ments  (SLAs)  possible.  Service  providers  use  the  NetEn¬ 
forcer,  for  example,  to  control  bandwidth  usage,  enforce 
service  guarantees,  and  set  traffic-forwarding  priorities 
and  rate  limits  based  both  on  application  and  subscriber. 

As  a  result,  they  can  deploy  more  customized  services 
and  ensure  bandwidth  fairness  among  subscribers.  Such 
service  control  also  makes  it  possible  to  charge  differen¬ 
tiated  service  fees  depending  on  class  of  service. 

With  the  Allot  Communications  NetEnforcer,  service 
providers  can: 

•  Deploy  revenue-generating,  premium  services  with 
guaranteed  network  metrics 

•  Offer  tiered  pricing  schemes 

•  Control  application  performance  and  bill  based  on  a 
subscriber's  actual  network  usage 

•"Tame" the  resource-intensive  behavior  of  peer-to-peer 
(P2P)  traffic  or  charge  for  P2P  traffic  based  on  usage 

•  Dynamically  monitor  traffic  flows  to  enforce  differenti¬ 
ated  service  policies 

•  Historically  monitor  per-application,  per  subscriber  traffic 
fortroubleshooting, analysis, and  long-term  planning 

Providers  gain  both  traffic  control — shaping  traffic  for 
optimal  overall  network  performance — and  subscriber 
control,  which  allows  them  to  charge  premium  rates 
for  premium  services  while  ensuring  that  an  individual 
subscriber  cannot  impede  on  the  others' SLAs. 
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E-MAIL  NEWSLETTER  SHOWCASE:  Messaging 

Spammers  take  out  revenge 
by  shuttering  security  firm 


BY  MICHAEL  OSTERMAN 

Blue  Security  was  founded  with  a  simple  premise:  a) 
sign  up  lots  of  people  who  did  not  want  to  be  spammed 
and  then  b)  send  e-mails  to  spammers  en  masse  on 
behalf  of  these  people  asking  that  the  spammers  stop 
sending  their  junk  to  Blue  Security  members.The  premise 
was  a  good  one  in  some  respects  and  actually  convinced 
some  spammers  to  take  Blue  Security  members  off  of 
their  list. 

However,  several  spammers  did  not  take  kindly  to  Blue 
Security’s  efforts  on  behalf  of  spam  victims  and  so 
attacked  Blue  Security  and  its  customers  with  spam, 
denial-of-service  attacks  and  threats.  One  threat  indicated 
that  Blue  Security’s  database  had  been  compromised, 
that  the  personal  or  business  e-mail  addresses  of  Blue 
Security’s  members  were  being  distributed  on  the 
Internet,  and  that  continuing  to  be  a  Blue  Security  mem¬ 
ber  would  result  in  a  20-fold  increase  in  the  amount  of 
spam  that  members  were  receiving. 

The  result?  Blue  Security  ceased  operations  last  week. 
The  announcement  on  the  company’s  Web  site  said  that 
Blue  Security  would  throw  in  the  towel,  acknowledging 
that  even  if  it  resumed  operations,  spammers  would  just 
shut  it  down  again. 

To  me,  there  are  at  least  three  important  lessons  we  can 


draw  from  this: 

1.  Many  spammers  are  extortionists.  What  happened  to 
Blue  Security  is  analogous  to  a  telemarketer  throwing  a 
brick  through  your  front  window  because  you  put  your 
phone  number  on  the  Do-Not-Call  List,  and  then  promis¬ 
ing  to  continue  to  throw  bricks  through  the  rest  of  your 
windows  if  you  don’t  take  your  name  off  the  list. 

2.  Don’t  buy  from  extortionists.  Lenin  said,  “The 
Capitalists  will  sell  us  the  rope  with  which  we  will  hang 
them.”  Although  I  seriously  doubt  that  many  spammers 
are  Communists,  when  you  buy  from  spammers,  you  buy 
from  the  people  who  fill  your  mailbox  with  junk  and  who 
turn  your  PCs  into  zombies.  Don’t  do  it. 

3.  Keep  your  own  house  in  order.  If  you  have  a  home 
PC  with  a  broadband  connection,  maintain  it  with  good 
anti-spyware  tools  that  will  prevent  your  PC  from 
becoming  a  zombie. 

There  are  lots  of  good  and  inexpensive  tools  available 
that  can  help  you  do  that,  such  as  Sunbelt  Software’s 
CounterSpy  Microsoft's  Windows  Defender  or  McAfee’s 
AntiSpyware,  to  name  just  a  few  of  the  many  products  that 
can  solve  this  problem  easily 

Osterman  is  a  principal  at  Osterman  Research.  He  can 
be  reached  at  michaeI@ostermanresearch.com 


E-MAIL  NEWSLETTER  SHOWCASE:  Convergence 

Skype  stops  charging  for 
domestic  calls 


BY  STEVE  TAYLOR  AND  LARRY  HETTICK 

Skype  continues  to  confound  us  with  its  business  model 
—  or  what  seems  to  be  the  lack  thereof.  It’s  kind  of  like  the 
old  joke  about  the  company  that  plans  to  lose  money  on 
each  transaction  but  will  make  it  up  in  volume. 

This  behavior  was  exemplified  recently  when  Skype 
became  the  first  VoIP  service  (to  our  knowledge)  to  cease 
charging  for  domestic  (U.S.  and  Canada)  calls  from  Skype 
to  both  landlines  and  cell  phones.  And  when  we  say 
“stopped  charging, ’’that’s  exactly  it.The  calls  are  free. 

It  wasn’t  exactly  like  the  price  was  outrageous  up  until 
now.  Calls  were  1.7  Euro-cents  per  minute,  which  equates  to 
about  2.1  cents  per  minute.  Of  course,  with  the  abundance 
of  bundles  for  “all  you  can  eat”  services,  both  from  tradi¬ 
tional  telephony  service  providers  and 
from  cellular  providers,  many  of  us 
already  found  ourselves  using  Skype 
only  for  international  calls  or  when  spe¬ 
cial  services  were  needed.  And,  by  the 
way,  Skype  does  still  charge  for  its  inter¬ 
national  services. 

We  can  offer  some  speculation  as  to 
why  the  calls  are  becoming  free.  First,  by 
offering  the  service  for  free,  the  cost  of 
processing  the  charges  can  be  avoided. 


(So  far  as  we  know,  the  detail  reporting  will  still  be  avail¬ 
able.)  Second,  the  free  calling  will  help  get  users  in  the  habit 
of  using  Skype  on  a  more  regular  basis,  thereby  increasing 
the  use  of  ancillary  services  (such  as  voice  mail).  And  as  a 
related  issue,  this  may  increase  the  uptake  of  “Skype-In”  in¬ 
bound  services.  The  bottom  line  is  that  Skype  is  taking  the 
view  that  traditional  telephony  service  providers  have  qui¬ 
etly  admitted  for  years:  the  profits  come  from  added-value 
services,  not  from  the  services  themselves. 

As  a  footnote,  Skype  finally  added  one  of  the  most- 
needed  features  for  international  calls:  translation  service. 
For  many  of  us,  the  problem  with  making  international 
calls  is  quite  fundamental. We  don’t  speak  the  language. 
Skype  and  Language  Line  Services  recently  announced  a 
translation  service  for  $2.99  per  minute 
for  more  than  150  languages. 


Taylor  is  president  of  Distributed 
Networking  Associates  and 
publisher/editor  in  chief  of  Webtorials.  He 
can  be  reached  at  taylor@ 
webtorials.com.  Hettick  is  vice  president 
for  Telecom  Services  and  Infrastructure  at 
Current  Analysis.  He  can  be  reached  at 
lhettick@currentanafysis.  com. 
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TECHNMjDfiV  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Protocol  weds  Ethernet  and  ATA  drives 


HOW  IT  WORKS:  ATA  over  Ethernet 

The  AoE  storage  protocol  uses  Ethernet  to  create  a  storage-area  network. 

Disk  storage 

Ethernet  switch 
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Q  AoE  initiator  broadcasts  an  AoE  configuration  string  message  to  discover  AoE  devices  on  the  network. 
The  initiator  repeats  broadcast  periodically. _ _  _  _ 

□  AoE  targets  respond  with  available  AoE  device  addresses. 

H  AoE  initiator  sends  AoE  messages  with  unique  tag  identifiers  and  ATA  disk  commands. 

□  AoE  targets  execute  AoE  messages  (disk  read/write  commands)  and  echo  tags  in  the  responses. 

H  If  no  tag  response  is  received,  initiator  resends  AoE  message.  Ethernet  networks  rarely  drop  frames, 
so  retransmission  is  rare. 


BY  BRANTLEY  COILE 

Applications  need  massive  amounts  of 
storage, but  servers  have  limited  disk  space. 
Moving  storage  out  of  a  server  and  putting 
it  on  a  network  makes  expanding  storage 
easy.  The  ATA-over-Ethemet  storage  proto¬ 
col  (AoE)  combines  Ethernet  and  low-cost 
disks  to  create  a  simple  way  to  connect 
storage  to  a  network. 

Much  like  the  Fibre  Channel  storage  pro¬ 
tocol,  which  uses  SCSI  disk  commands  over 
fiber  optics,  AoE  is  designed  to  transport 
ATA  disk  commands  over  standard 
Ethernet  without  using  TCP/IP  Eliminating 
the  complexities  of  TCP/IP  and  Fibre 
Channel  makes  AoE  storage  inexpensive 
and  easy  to  use.  AoE  enables  unlimited 
scalability  and  disks  can  be  shared  by  any 
servers  on  a  network. 

AoE  is  a  command/response  protocol 
that  puts  Ethernet  connectors  on  disk 
drives.  AoE  clients  use  a  block  device  driver 
(initiator),  which  lets  a  very  large  number 
of  AoE  devices  (targets)  appear  as  local 
disks.  The  AoE  protocol  enables  a  driver  to 
discover  target  devices  using  configuration 
information  stored  in  those  devices. 
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Two  types  of  messages  are  transferred  via 
AoE.  One  carries  ATA  disk  commands,  and 
the  other  is  used  for  discovering  AoE  tar- 
gets.The  beginning  of  each  message  identi¬ 
fies  a  target’s  physical  location,  carries  a 
correlation  tag  and  defines  the  type  of  mes¬ 
sage.  The  physical  location  is  recorded  in  a 
16-bit  major  and  an  8-bit  minor  address. 

The  major  address  is  usually  an  assigned 
chassis,  or  shelf,  number. The  minor  address 
is  a  disk  slot  in  the  chassis  or,  in  the  case  of 
a  RAID  target,  a  logical  unit  number.  A  cor¬ 
relation  tag  is  used  by  the  initiator  to 
uniquely  identify  each  message.This  allows 
multiple  outstanding  requests  at  any  given 
time. 

ATA  commands 

The  most  common  AoE  message  is  an 
ATA  command  and  data  to  be  written  to  a 
target. The  ATA  command  can  be  thought 
of  as  an  operation  code  and  a  group  of 
parameters.The  target  receives  the  com¬ 
mand,  copies  the  parameters  into  the 
disk’s  registers,  issues  the  command  and 
then  monitors  the  status  of  the  disk.  On 
completion,  the  disk  returns  status  and 
error  register  values,  along  with  any  data 
that  has  been  read. 

The  second  type  of  message  is  used  in  a 
configuration/discovery  process.  Each  AoE 
target  device  has  a  short  string  of  bytes  that 
can  be  set,  read  and  queried.  Using 
Ethernet  broadcast  packets  and  the  prefix 
match  command,  AoE  clients  can  discover 
AoE  targets  available  for  use  on  a  network. 

AoE  storage  devices  can  be  single  disks 
or  groups  of  disks  assembled  into  RAID 
volumes.They  can  be  partitioned  like  any 


disk.  AoE  devices  can  be  cooperatively 
claimed  by  a  single  AoE  client,  or  simulta¬ 
neously  shared  by  multiple  AoE  clients  in 
clustered  environments.  Because  AoE 
devices  are  block  storage,  they  can  be 
used  as  raw  storage  disks  or  mounted 
with  any  disk  file  system.  AoE  devices  can 
be  managed  with  volume-management 
software  tools  and  become  part  of  large 
storage  systems.  AOE  storage  devices  are 
suited  for  applications  that  require  low- 
cost  and  scalability,  including  server  clus¬ 
ters,  disk-to-disk  backup,  e-mail  servers, 


databases,  medical  images  and  records, 
video  surveillance  and  many  others. 

The  specification  for  AoE,  an  open  pro¬ 
tocol,  is  available  at  www.nwdocfinder. 
com/3629.  Most  popular  Linux  distribu¬ 
tions  include  AoE  drivers,  and  hundreds 
of  users  are  benefiting  from  expanded 
storage  using  AoE. 

Coile  is  the  founder  and  chief  technical 
officer  of  Coraid  and  a  co-author  of  the 
AoE  protocol.  He  can  be  reached  at 
info@coraid.  com. 


Ask  Dr.  Internet 


By  Steve  Blass 


How  hard  is  it  to  get  started  with  Ruby  on 
Rails? 

Ruby  on  Rails  is  a  Web  application  framework  writ¬ 
ten  in  the  Ruby  programming  language.  To  get  start¬ 
ed,  download  the  instant  Rails  ZIP  file  at  www.rubyon 
rails.org  and  extract  the  package  into  a  directory  with 
no  spaces  in  the  path  name.  The  Instant  Rails  applica¬ 
tion  contains  everything  you  need,  including  Ruby, 
Apache,  MySQL,  PHPMyAdmin  and  Rails. 

To  get  started,  click  the  “I"  button  on  the  main 


menu,  choose  “Configure/Windows  Host  File"  and  add 
the  following  lines  to  the  host  file  for  the  MyCookbook 
and  Typo  Web  applications:  “127.0.0.1  www.mycook- 
book.com"  and  “127.0.0.1  typo".  From  the  main  menu, 
choose  Rails  Applications/Manage  Rails  Applications, 
click  the  check  box  next  to  the  cookbook  application 
and  click  the  "Start  SCGI  Server"  button.  Launch  a 
Web  browser  and  aim  it  at  www.mycookbook.com  to 
see  the  results. 

The  host  file  entry  you  made  ensures  that  your 
browser  connects  to  the  server  you  just  installed 


using  the  hostname  expected  by  the  application.  After 
this  works,  you  can  return  to  the  main  Instant  Rails 
menu  and  turn  on  the  included  blogging  application 
named  Typo.  Do  it  the  same  way  you  enabled  the 
cookbook  (check  the  box  and  start  the  SCGI  server). 
Aiming  the  browser  at  http://typo  then  lets  you  con¬ 
figure  your  Instant  Rails-based  blog. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@changeat 
work.com. 
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puzzle,  some  junk,  electric  sheep 


A 

First  up  this  week,  a  question  for 
Outlook  users:  In  the  calendar  you 
have,  by  default,  the  Navigation  Pane 
displayed  on  the  left.  In  the  menu  it 
indicates  this  is  a  toggle  that  uses  the 
shortcut  ALT+F1. 

We’re  using  Outlook  2003  Service 
Pack  2,  and  when  we  press  ALT+Fl 
nothing  happens.  We  are  also  run¬ 
ning  a  tool  we  absolutely  couldn’t 
live  without,  Caelo’s  Nelson  Email 
Organizer  Free  3. 1  (www.nwdocfind 
er.com/3630),  but  we  don’t  think 
that’s  the  problem.  Any  ideas  anyone? 

Our  second  topic  is  stuff  you  don’t  need. Yep,  when  you 
start  poking  around  in  Windows,  it  is  staggering  what  you 
can  find  that  is  running  but  doesn’t  need  to  be.  What 
brought  this  topic  to  mind  was  finding  the  Java  Update  util¬ 
ity,  jusched.exe,  running  on  one  of  our  PCs. 

This  piece  of  code  doesn’t  take  up  much  processor 
power, but  its  average  working  memory  is  about  692KB  and 
its  peak  working  memory  is  about  2,032KB.  That  doesn’t 
sound  too  bad,  but  when  you’ve  got  a  dozen  or  more  un¬ 
necessary  processes  just  hanging  around,  you  could  be 
sacrificing  20MB  of  RAM  or  more! 

Maybe  it  is  our  old-school  background  that  makes  this 
waste  of  resources  so  irritating.  Back  then  a  byte  saved  was, 
well, a  byte  saved;you  bit  packed  data  where  you  could  and 
actually  optimized  code  performance.  But  we  had  long 
sideburns  and  wore  bell-bottoms, so  it  proves  what  you  win 


on  the  swings  you  loose  on  the  roundabouts. 

In  most  Windows  PCs  you’ll  find  a  veritable  cloud  of 
“quick”  launchers  and  helper  utilities  for  applications  such 
as  iTunes,WinZIP  and  WinAmp  (not  to  mention  the  afore¬ 
mentioned  jusched.exe).  And  don’t  get  us  started  on  all  the 
little  support  components  for  HP’s  printer  and  fax  software. 
Death  by  overengineering. 

One  of  the  easiest  ways  to  get  rid  of  this  crud  is  to  run  up 
msconfig.exe  and  look  at  the  entries  under  the  Startup  and 

When  you  start  poking  around 
in  Windows,  it  is  staggering 
what  you  can  find. 

Services  tabs.You  will  be  surprised  at  how  much  junk  is  run¬ 
ning.  Just  uncheck  the  boxes  next  to  an  unwanted  program 
or  service  entry  and  it  will  no  longer  get  loaded  at  start-up. 
You  can  usually  also  kill  the  running  versions  of  these  items, 
but  occasionally  something  ugly  will  happen,  so  rebooting 
tends  to  be  safest.  Note  that  sometimes  the  software  that 
these  chunks  of  code  support  will  reenable  the  item. 

If  there’s  anything  in  the  list  you  don’t  recognize,  just 
Google  its  name,  and  you’ll  find  a  number  of  sites  that  will 
explain  what  the  software  is  for  and  how  safe  it  is  to  disable. 
We  like  the  WinTasks  Process  Library  and  the  Network  Techs 
Startup  Database  and  Process  Database  (www.nwdocfind 
er. com/363 1,3632  and  3633,  respectively). 

Our  final  topic  is  a  screensaver  we  love!  No,  we’re  not  talk¬ 
ing  about  our  fabulous  Gearhead  Windows  screensaver 


(which  is  still  available  at  www.nwdocfinder.com/3634), 
we’re  talking  about  Electric  Sheep  (www.nwdocfinder 
.com/3635),  which  runs  on  Windows, OS  X  and  Linux. 

To  explain  this  screensaver  you  need  to  understand 
how  the  images  it  generates  are  created.  Using  freeware 
called  Apophysis  (for  Windows)  or  Oxidize  (for  Mac¬ 
intosh),  you  can  create  what  are  often  stunningly  beau¬ 
tiful  fractal  flames,  images  that  are  essentially  histograms 
of  iterated  function  systems  (oh,  that  gave  us  goose 
bumps). 

These  flames  are  two-dimensional  slices  through  a 
space  of  numbers.  You  can  think  of  the  slices  being 
taken  in  sequence  starting  and  ending  at  the  same 
place,  so  the  flames  (otherwise  called  sheep)  become 
animated  loops. 

Now  the  equations  that  define  a  sheep  can  be  considered 
its  genome.  When  a  sheep  you  like  is  displayed  by  the 
screensaver,  you  can  hit  the  up  arrow  to  vote  for  it.  If  you 
don’t  like  it,  hit  the  down  arrow. 

The  Electric  Sheep  server  manages  the  flock  —  the  col¬ 
lection  of  sheep  downloaded  by  the  sheep  clients  —  and 
tallies  the  votes  for  and  against  each  sheep.  It  then  gener¬ 
ates  new  sheep  using  a  genetic  algorithm. The  new  sheep 
will  be  automatically  downloaded  to  your  screensaver  in 
the  background. 

Using  Apophysis  or  Oxidize,  you  also  can  generate  your 
own  sheep  and  add  them  to  the  flock  by  uploading. 

Is  this  computing  stuff  fun  or  what?!  Tell  us  on  Gibbsblog 
or  at  gearhead@gibbs.com. 


INSIDE  THE 
NETWORK 
MACHINE 


Mark  Gibbs 


CoolTools 

Quick  takes  on  high-tech  toys.  Keith  Shaw 


The  scoop:  Palm  Treo  700p,  by  Sprint,  about  $400 
-i  (after  rebates  and  agreement,  plus  monthly  service). 

Verizon  Wireless  offers  the  700p  for  a  similar  price,  with 
varying  data  network  service  plans. 

What  it  is:  After  testing  the  700p  (the  Sprint  version)  for  a  few  weeks,  I 
can  truly  say  that  the  smart-phone  is  the  culmination  of  the  “converged 
device”  that  many  of  us  have  been  dreaming  about  —  and  vendors  have 
been  promising  —  for  years.  Not  only  does  the  700p  converge  a  mobile 
phone  with  a  PDA,  but  it  also  converges  a  classy  business  tool  with  a  per¬ 
sonal  entertainment  device.  If  you’ve  been  looking  for  one  device  that 
does  it  all,  look  no  further  than  the  700p  (well,  as  long  as  you’re  happy 
with  Sprint’s  or  Verizon’s  wireless  network  coverage). 

Why  it’s  cool:  Is  it  too  early  to  call  the  Treo  700p  smart-phone  the 
product  of  the  year?  Perhaps,  but  it  has  raised  the  bar  for  excellence 
in  the  mobile  device  world. 

The  Code  Division  Multiple  Access  EV-DO  wireless  network  provides 
broadbandlike  speed  for  data  access.  In  performance  tests  with  the 
Sprint  device,  1  achieved  an  average  speed  of  about  820Kbps,  well 
above  dial-up  speeds  and  previous  mobile  devices  I’ve  tried.  The  net¬ 
work  speed  is  more  than  enough  if  you  want  to  use  the  700p  for  down¬ 
loading  e-mails  and  attachments.  But  all  that  speed  seems  wasted  on 
e-mail  and  Web  surfing,  so  Sprint  and  Verizon  include  on-demand 
video  and  music  download  services  that  highlight  the  high-speed  net¬ 
work’s  strength. The  basic  previews  are  free,  but  you’ll  have  to  pony  up 
additional  coin  for  premium  features. 

Both  carriers  support  dial-up  networking,  which  lets  you  use  the  high¬ 
speed  wireless  network  connection  on  the  phone  to  connect  to  a  PC. 


If  you’re  out  and  about  without  a  Wi-Fi  signal  or  wired  broadband  connection,  the 
Treo  700p  can  provide  Internet  access  via  USB  cable  or  Bluetooth.  In  my  tests,  the 
Bluetooth  connection  worked  perfectly,  and  I  was  on  the  Internet  within  minutes. 
On  the  business  side,  the  device  comes  with  VersaMail  to  connect  to  common  In¬ 
ternet  mail  providers  but  will  also  support  POP  and  IMAP  mail.  For  corporate  mail, 
the  device  supports  Microsoft  Exchange  ActiveSync  (Ex¬ 
change  2003).  Other  third-party  e-mail  providers  (includ¬ 
ing  Good  Technology)  have  announced  support  for  the 
700p.  Once  you  get  your  e-mail,  the  Documents  To  Go 
application  continues  to  support  the  viewing  of  Word, 
Excel,  PowerPoint  and  PDF  file  attachments,  and  users 
can  edit  Word  and  Excel  documents  on  the  device. 

As  a  personal  entertainment  device, the  700p  includes 
a  1.3-megapixel  camera/camcorder  and  the  Pocket 
Tunes  digital  audio  player,  which  can  play  music  from  a 
Secure  Digital  card. The  Sprint  TV  application  was  OK; 
watching  live  TV  or  other  video  clips  was  hit  or  miss 
(sometimes  the  system  timed  out  trying  to  connect,  or 
I  got  jittery  video).  The  camera  and  camcorder  are 
vastly  improved  over  early  attempts  at  digital  cameras 
on  a  PDA. 

Some  caveats:  I  don’t  have  any  big  complaints,  other 
than  the  usual  issues  —  battery  life,  display  resolution 
(320  by  320  pixels)  and  tiny  keypad  —  which  hamper 
all  mobile  devices.The  pros  far  outweigh  any  cons. 

Bottom  line:  If  you’ve  been  aching  for  a  converged 
device,  you  really  can  have  it  all  with  the  700p  —  the 
framework  is  there  for  you  to  get  rid  of  other  devices  and 
find  Nirvana  (the  bliss)  or  Nirvana  (the  band). 

Grade:  ★★★★★  (out  of  five). 


The  convergence  of  network,  appli¬ 
cations  and  hardware  make  the 
Treo  700p  a  masterpiece. 


Shaw  can  be  reached  at  kshaw@nww.com 


Simplify  your  I.T.  and  your  business.  IBM  servers  and  storage  are  designed  to 
help  you  do  just  that.  Take  the  IBM  TotalStorage ®  DS4300  Express  with 
DACstore.  It  is  designed  to  allow  you  to  reconfigure  or  add  capacity  while 
staying  up  and  running.  No  need  to  stop  to  reset  drives. 

Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.T  hero  deserves  nothing  less. 


MEET  3  HEROES  IN  THE  BATTLE  AGAINST  IT.  COMPLEXITY. 
YOU’RE  THE  4TH. 


IBM  TotalStorage  DS4300  Express 

4.2TB  with  1  controller;  16.8TB  with  21 
Support  for  RAID  0/1  /3/5/10 
512MB  cache 

Scales  to  33.6TB  of  Fibre  Channel  Disk1 
Limited  warranty:  3  years  on-site2 

From  $7,790  *3 

IBM  Financing  Advantage 

Only  $218/month4 
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Complimentary  IBM 

Systems  Advisor  Tool. 

Teil  the  IBM  Svstems  Advisor 

SBH  o 

IBM  eServer  xSeries  366  Express  -2 

Up  to  four  64-bit  Intel*  Xeon*  Processors  1 — 
MP  3.66GHz  (single  core)/3GHz  (dual  core)  ^ 

IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 

Built  on  Ultrium™  3  technology 

what  your  IT.  needs  are.  And 
it  will  automatically  customize 
a  server/storage  system  that’s 
right  for  you. 

2GB  memory,  expandable  to  64GB  ^ 

DDR  II  ECC  memory  “ 

Six  64-bit  Active  PCI-X  2.0 

IBM  Director  to  help  monitor  performance 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 

Up  to  800GB  cartridge  capacity 
with  2:1  compression1 

ibm.com/ 

Limited  warranty:  3  years  on-site2 

Limited  warranty:  3  years  on-site2 

systems/in  novate21 

From  $6,399* 

IBM  Financing  Advantage 

From  $5,999* 

IBM  Financing  Advantage 

1  866-872-3902 

Only  $227/month4 

Only  $168/month4 

mention  104CE13A 

’All  prices  stated  are  IBM's  estimated  retail  selling  prices  as  of  January  24, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This 
document  was  developed  for  offerings  in  the  United  Stales.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries  Prices  are  subject  to  change  without  notice.  Starting  price  may  not  include  a 
hard  drive  operating  system  or  other  features.  T.  Denotes  raw  storage  capacity.  Usable  capacity  may  be  less.  2.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will  attempt  to  diagnose  and  resolve  the  problem 
remotely  before  sending  a  technician.  On-site  warranty  is  available  only  for  selected  components.  3.  Starting  price  does  not  include  hard  drives,  which  are  required  lor  operation  of.tlie  machine.  4.  IBM  Global  Financing  offerings  are  provided 
ihrouah  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your 
credifand  other  factors.  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monthly  payments  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  chanae.  extension  or  withdrawal  without  notice  IBM.  the  IBM  logo.  eServer. 
TotalStorage  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel  ana  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation 
or  its  subsidiaries  in  the  United  States  and  other  countries.  LTO  and  Ultrium  are  trademarks  of  Certance,  HP  and  IBM  in  the  U.S.  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others. 
©2006  IBM  Corporation  All  rights  reserved. 
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Can  you  trust  China 
for  outsourcing? 

While  China’s  outsourcing  market  continues  to  grow, 
recent  events  highlight  nagging  concerns. 

A  new  study  says  Chinas  software  outsourcing  ser¬ 
vices  market  reached  $323  million  in  the  first  quarter  of 
2006,  up  almost  44%  compared  with  the  first  quarter  of  2005. 

According  to  Analysys  International,  Japan  is  the  biggest 
contracting  market  to  China,  accounting  for  59%  of  the  coun¬ 
try’s  software  outsourcing  market.  Europe  and  the  United 
States  account  for  23%.The  country’s  leading  outsourcing 
outfits  by  market  share  are  Neusoft,  Hisoft  and  SinoCom. 

Considering  how  fast  the  world  outsourcing  market  is  grow¬ 
ing,  it’s  no  surprise  that  IBM,  HR  Microsoft,  Siemens,  Unisys, 
Electronic  Data  Systems  and  others  are  all  adding  staff  in 
China.  And  even  India’s  outsourcing  giants  —  Tata,  Infosys 
and  WiPro  —  have  a  presence  in  the  country 
But,  as  in  most  countries  where  outsourcing/offshoring  is 
conducted, security  concerns  are  one  of  the  largest  issues 
customers  face.  India,  by  far  the  largest  destination  for  off¬ 
shored  work,  has  had  its  share  of  problems,  and  it  has  ongo¬ 
ing  programs  and  plans  to  try  to  deal  with  those  issues. 

While  China  hasn’t  had  as  many  security/outsourcing- 
related  problems  —  that  we  know  of  —  the  U.S  government 
sent  a  signal  last  week  that  is  indicative  of  underlying  con¬ 
cerns  that  may  influence  the  Chinese  outsourcing  market: 
the  U.S.  government  said  it  doesn’t  trust  one  of  China’s  largest 
manufacturers,  Lenovo. 

The  U.S.  Department  of  State  said  it  won’t  use  Lenovo  com¬ 
puters  on  a  classified  network  because  of  ongoing  concerns 
about  the  company’s  Chinese  government  ties.The  State 
Department’s  decision  comes  after  House  Rep.  Frank  Wolf  (R- 
Va.)  objected  to  the  use  of  Lenovo’s  computers  in  a  classi¬ 
fied  network  connecting  U.S.  embassies  and  consulates. 

In  March,  the  State  Department  announced  plans  to  pur¬ 
chase  16,000  Lenovo  computers  and  related  equipment  for 
$13  million  through  a  government  contractor. While  the  com¬ 
puters  will  still  be  used,  they  won’t  play  a  role  in  any  sensi¬ 
tive  government  networks. 

But  one  has  to  wonder  if  this  development  will  give  pause 
to  U.S.  firms  considering  outsourcing  work  to  China.  Should 
this  matter? 

We  would  argue  yes  and  no. Yes,  obviously  you  should  care 
about  the  security  implications  of  outsourcing  work  to  any 
third  party,  especially  firms  overseas  where  the  laws  concern¬ 
ing  intellectual  property  and  privacy  may  be  looser. 

But  beyond  that,  no.  China  shouldn’t  be  singled  out  as 
being  particularly  dangerous.  China  and  even  Russia  will 
likely  become  world-class  players  in  the  outsourcing  mar¬ 
ket,  even  if  our  government  continues  to  harbor  suspicions. 

—  Michael  Cooney 
News  editor 
mcooney@nww.  com 


Necessary  lawsuits 

Regarding  Johna  Till  Johnson’s  column  “Wire¬ 
tapping  the  WAN:  It’s  the  law”  (www.nwdoc 
finder.com/3621):  Johnson  does  readers  a  service 
by  explaining  the  Communications  Assistance  for 
Law  Enforcement  Act’s  (CALEA)  requirement  that 
carriers  embed  wiretapping  capabilities  into  the  fab¬ 
ric  of  their  network  infrastructures.  But  1  disagree 
with  her  conclusion  that  the  Electronic  Frontier 
Foundation  (EFF)  shouldn’t  sue  AT&T  and  instead 
should  “go  after  the  folks  who  required  [wiretap¬ 
ping]  in  the  first  place.”  Given  the  federal  govern¬ 
ment’s  growing  penchant  for  secrecy,  such  lawsuits 
may  be  the  only  way  to  learn  more  about  CALEAs 
potential  to  undermine  our  civil  liberties.  Go  EFF 

Warren  Wilson 
Bellevue, Wash. 

Missing  pieces 

1  deployed  a  Cisco  ASA  5510  for  a  small  business  sev¬ 
eral  months  ago  and  agree  with  your  review  of  the 
product  line  (“Cisco  hits  on  firewall/VPN,  misses  on 
tight  management,”  www.nwdocfinder.com/3622). 

The  Adaptive  Security  Device  Manager  needs  a 
makeover  to  integrate  features.  I  made  several 
attempts  to  set  up  the  Web  VPN’s  menus  and  gave 
up.  Then  I  found  the  missing  piece  of  the  puzzle 
and  set  it  up  with  little  problem.  I  still  need  to  fig¬ 
ure  out  how  to  change  the  Web  VPN’s  SSL  certifi¬ 
cate  so  the  domain  matches.  My  only  issue  with 
the  hardware  is  that  it  doesn’t  support  hairpinning, 
so  you  can’t  connect  via  a  VPN  and  also  access  the 
Internet. 

Cory  Wagner 
Systems  administrator 
Internet  Production 
St.  Paul,  Minn. 


Porn  not  the  biggest  problem 

Regarding  Linda  Musthaler’s  column  “Fbrn  purvey¬ 
ors  may  be  in  next  cubicle”  (www.nwdoc 
finder.com/3623):  As  network  administrators  know, 
porn  is  just  part  of  the  daily  cost  of  setting  what  is 
essentially  a  television  at  each  workstation  if  there 
are  no  filters  or  controls  in  place,  and  it  is  usually 
one  of  the  lesser  Internet  problems.The  cost  in  con¬ 
sumed  bandwidth  and  productivity  is  just  as  bad 
with  a  variety  of  Web  sites,  along  with  instant  mes¬ 
saging  and  streaming  audio  and  video.  Bravo  for 
blocking  porn,  Musthaler  says.  How  about  blocking 
the  sports  site  that  just  ate  up  45  minutes  of  compa¬ 
ny  time  for  those  guys  huddled  around  cubicle  12? 
People  also  regularly  visit  Web  sites  for  their  favorite 
TV  shows  or  sports  teams. 

The  point  of  the  story  is  similar  to  pointing  to  a 
burning  flag  to  detract  from  the  shredding  of  the 
Constitution.  Child  pom  is  a  horrible  crime  but 
should  not  be  equated  with  the  normal  human  sex 
drive,  nor  should  the  need  for  a  company  to  protect 
itself  from  unwanted  expenses  and  legal  problems 
be  used  as  an  excuse  to  allow  the  government 
greater  control  over  the  Internet. 

The  problem  with  child  porn  as  it  pertains  to  net¬ 
work  administrators  has  nothing  to  do  with  morality 
or  legality  but  the  quantifiable  cost  to  employers  in 
dollars  and  cents.  If  administrators  are  doing  their 
jobs  to  look  after  their  employers’  bottom  line,  the 
morality  or  legality  of  the  specific  sites  employees 
visit  will  be  a  nonissue. 

Gerald  Lanning 
Senior  programmer/analyst 
American  Printing  House  for  the  Blind 

Louisville,  Ky 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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ON  COMMUNICATIONS 
Nick  Lippis 


INDUSTRY  COMMENTARY 
Frank  Dzubeck 


Alcatel  +  Lucent = Bay  Networks 


It  only  makes  sense  that  as  the  service  provider 
market  consolidates,  so  too  does  the  industry 
supply  chain.  With  service  providers  focusing 
on  broadband, enterprise  customers  and  mobility 
further  consolidation  is  likely  With  a  smaller  num¬ 
ber  of  more  powerful  buyers  of  telecom  equip¬ 
ment,  it’s  natural  that  there  will  be  a  smaller  num¬ 
ber  of  equipment  vendors.  Which  brings  us  to 
Alcatel  and  Lucent. 

Last  month  Alcatel  and  Lucent  announced 
plans  to  merge  and  form  the  world’s  leading 
communication  solutions  provider.  Some  high- 
lights:The  combined  company  will  have  a  finan¬ 
cial  base  and  revenue  of  about  $25  billion  based 
on  calendar  2005  results;  the  new  Alcatel  is  still 
smaller  than  Cisco  by  some  1 7%,  albeit  Cisco’s 
main  revenue  comes  from  the  enterprise  market; 
the  new  Alcatel  will  be  a  global  convergence 
leader  with  one  of  the  largest  and  most  compre¬ 
hensive  wireless,  wireline  and  services  portfolios 
in  the  industry  and  one  of  the  largest  global  com¬ 
munications  R&D  capabilities  in  the  world.  As  for 
management,  Alcatel’s  Serge  Tchuruk  is  to  be 
nonexecutive  chairman,  while  Lucent’s  Patricia 
Russo  will  be  the  CEO,  based  in  Baris.The  compa¬ 


nies  will  have  equal  board  representation. 

I’m  skeptical  this  will  work.  I  have  not  seen  a 
successful  merger  of  equals  in  our  industry. 
Someone  has  to  take  charge,  especially  in  a 
mixed  cultural  environment  such  as  the  new 
Alcatel.  The  result  may  be  similar  to  Bay  Net¬ 
works,  which  was  the  merger  of  equals,  Wellfleet 
Communications  and  SynOptics.  Bay  was  never 
able  to  gain  a  footing  to  compete  effectively  with 

I  have  not  seen  a 
successful  merger  of 
equals  in  our  industry. 

Cisco,  the  sole  reason  for  the  merger.  Bay’s  prob¬ 
lems  involved  distance  and  cultural  issues  too,  but 
within  the  same  country.  In  the  end,  Nortel 
acquired  Bay 

The  new  Alcatel  will  have  its  revenue  nearly  split 
between  North  America  and  Europe,  with  each 
contributing  about  35%,  and  the  remaining  30% 
coming  from  Asia,  the  Caribbean,  Latin  America, 
the  Middle  East  and  Africa.This  and  the  Bell  Labs 
resource  differentiate  the  new  Alcatel  from  Cisco, 


Nortel,  Siemens,  Ericsson  and  others.  But  Lucent 
will  now  be  part  of  the  French  socialist  state,  with 
larger  pension  and  retirement  plans  than  its 
American  and  European  competitors.  There  will 
be  a  10%  reduction  in  the  combined  workforce  of 
26,000  over  the  next  three  years.  Chances  are  that 
most  of  this  reduction  will  come  on  the  U.S.  side, 
as  it’s  more  difficult  to  fire  French  employees. 

This  may  be  Cisco’s  golden  opportunity  to  ag¬ 
gressively  take  share  in  the  service  provider  mar¬ 
ket.  It  knows  how  to  take  advantage  of  a  com¬ 
petitor  when  it’s  in  the  fog  of  reorganization  and 
restructuring.  The  communications  world  con¬ 
tinues  to  move  toward  a  converged  voice,  video 
and  data  model  on  IRfor  which  Cisco  is  so  well 
positioned.  (For  a  deeper  analysis  of  the  Alcatel- 
Lucent  merger, see  www.nwdocfinder.com/3624, 
where  Scott  Bradner,  Zeus  Kerravala  of  the 
Yankee  Group  and  Lippis  discuss  the  pros  and 
cons  of  the  deal.) 

Lippis  publishes  the  '‘Lippis  Report” newsletter,  a 
resource  for  network  and  FT  business  decision 
makers.  Get  your  free  subscription  at  www.lip 
pis.com.  He  can  be  reached  at  nick@lippis.com. 


IT  and  networking:  Convergence  or  divergence 


Having  seen  many  vendor  presentations 
announcing  new  products  and  strategies 
recently,  I’ve  noticed  a  common  thread. The 
IT  world  has  embraced  the  concept  of  total  multi- 
vendorism  based  upon  agreed-to  industry  stan¬ 
dards.  Corporate  IT  chooses  vendors  based  not 
on  incumbency  but  the  age-old  metric  of 
price/performance  combined  with  ROI  and  total 
cost  of  ownership.  Integration,  legacy  application 
encapsulation  and  database  federation  have  be¬ 
come  software  mantras.  Data  center  consolida¬ 
tion  has  become  a  business  issue,  not  an  IT  night¬ 
mare.  Evolving  a  corporation  into  the  world  of  ser¬ 
vice-oriented  architectures  (SOA)  requires  corpo¬ 
rate  commitment  to  business  process  and  organi¬ 
zational  changes  that  may  have  a  far  greater 
impact  than  IT  technology  changes. 

The  SOA  concept,  while  business  driven,  is 
based  upon  the  way  we  look  at  information  and 
IT  services.The  IT  industry  has  strived  to  eliminate 
vendor  lock-in  at  any  layer  in  the  architecture.  De¬ 
coupling  of  the  layers  using  Web  services  instead 
of  procedural  calls  creates  a  virtualized  model 
from  the  application  to  the  infrastructure  layer.  In¬ 
formation  is  divorced  from  computation  and 
transmission.  The  theory  is  simple  yet  powerful 
and  elegant.  The  execution  is  another  matter. 

As  the  SOA  concept  developed,  issues  began  to 
surface.  Security  and  management  for  Web  ser¬ 
vices  were  the  obvious  first  pain  points.  Industry 
forums  quickly  were  created  and  populated  with 
representation  from  all  major  vendors.  The  issues 
were  addressed  and  standards  published.  The 
same  approach  was  taken  to  create  a  service 
component  architecture,  which  will  provide  a 
model  for  constructing  and  assembling  a  network 


of  services.  This  will  allow  multivendor  middle¬ 
ware  enablement  software,  as  well  as  application 
software,  to  interact  at  the  component  level. 

The  next  creation  was  service  data  objects 
(SDO)  that  provides  common  access  to  data. 
SDOs  make  it  easy  to  manage  and  exchange 
data  across  services  with  heterogeneous  for- 
mats.The  most  recent  SOA  fix  is  the  ability  to  fed¬ 
erate  and  access/share  information  across  multi¬ 
vendor  configuration  management  databases 
(CMDB)  and  other  data  repositories.  CMDB  fed¬ 
eration  will  give  corporations  another  guarantee 
for  choice  and  flexibility  in  terms  of  adding  new 
IT  hardware,  applications  and  middleware,  in 

Giving  lip  service  to  SOA 
compliance  is  not  enough. 

addition  to  assisting  with  corporate  compliance 
and  governance  issues. 

Building  a  corporate  SOA  is  like  building  a  cathe¬ 
dral.  It  may  take  years  to  accomplish,  but  the  busi¬ 
ness  rewards  can  be  magnificent.  IT  vendors  are 
committed  to  making  SOA  simplification  a  reality 
through  multivendor  technological  agreements 
that  are  the  burden  of  vendors,  not  customers. 
They  realize  that  the  size  of  the  IT  pie  always  will 
increase  proportionally  to  business  productivity 
and  growth, and  they  all  can  share  in  that  increase. 

We  in  the  network  and  communications  world 
seem  to  be  on  a  totally  different  path  than  our  IT 
brethren.  At  a  recent  industry  analyst  presenta¬ 
tion,  Cisco  equated  simplification  to  fewer  ven¬ 
dors  and  offered  slide  after  slide  to  prove  how 
complex  it  is  to  manage  and  operate  any  network 


in  a  multivendor  environment.  Is  the  network 
industry  that  different  from  the  IT  industry? 

IT  vendors  have  learned  to  cooperate  and  get 
results  outside  of  standards  organizations.  The  IT 
industry  informally  agrees  on  a  problem,  formally 
addresses  the  problem  by  a  division  or  work/re¬ 
sponsibility  and  then  takes  it  to  a  standards 
group  ready  for  implementation.  Even  then,  cus¬ 
tomers  may  delay  or  never  employ  the  standard, 
as  with  SNMPv3  and  IPv6. 

After  years  of  proprietary  focus,  voice  com¬ 
munications  vendors  realize  that  embracing 
SOA  requires  a  new  multivendor  perspective. 
They  are  no  longer  in  control  of  their  strategic 
destiny  but  are  part  of  the  bigger  SOA  picture. 
Similarly,  all  software-based  network  and  com¬ 
munications  vendors  must  comply  with  SOA 
tenets  or  be  relegated  to  encapsulated/federated 
legacy  systems.  That  leaves  a  host  of  network 
infrastructure  vendors,  from  the  LAN  to  the 
WAN,  both  wireless  and  wireline,  to  become  the 
equivalent  of  “dumb  pipes”  or  allow  SOA  tenets 
to  drive  their  intelligence. 

Giving  lip  service  to  SOA  compliance  is  not 
enough.  Deeds  speak  louder  than  words.The  net¬ 
work  and  communications  industry  must  solve  its 
own  problems  through  industry  cooperation 
rather  than  marketing  procrastination.  Corporate 
SOA  progress  cannot  be  impeded;  if  we  in  the  in¬ 
dustry  cannot  do  it  ourselves,  the  IT  industry  will 
do  it  for  us. 

Dzubeck  is  president  of  Communications 
Network  Architects,  an  industry  analysis  firm  in 
Washington,  D.  C.  He  can  be  reached  at  fdzubeck@ 
commnetarch.  com. 
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Six  IT  execs  sound  off  on  their 
successful  VoIP  deployments. 
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BY  SANDRA  GITTLEN 

For  many  organizations, VoIP  is  still  on  the  drawing 
board.  But  for  six  IT  pros  supporting  users  around  the 
world,  IP  telephony  is  proving  its  mettle  —  helping  them 
collaborate  across  great  distances,  rein  in  out-of-control 
communications  costs  and  build  a  solid  foundation  for 
corporate  growth. 
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Name:  Ugur  Usumi 

Title:  Director  of  Information 

Technologies 

Organization:  America-Mideast 
Educational  andTraining  Services 
(AMIDEAST) 

Location:  Washington,  D.C. 
industry:  Provider  of  inter¬ 
national  training  and  education  in 
the  Middle  East  and  North  Africa 


With  25,000  to  30,000  students  each 
year  depending  on  educational 
and  training  services,  it’s  critical 
that  the  employees  of  America-Mideast 
Educational  and  Training  Services  be  in 
constant  contact  with  one  another.  But 
the  fear  of  high  toll  costs  left  the  compa¬ 
ny’s  350  administrators 
in  the  United  States, 
Middle  East  and  Africa 
out  of  touch. 

“When  people  think 
they’re  going  to  have  to 
pay  for  a  call,  they 
don’t  make  that  call. 
Our  toll  charges  were 
expensive,  and  we 
were  paying  quite  a  bit 
for  each  call,”  says  IT 
Director  Ugur  Usumi. 

To  boost  collabora¬ 
tion  and  lower  interna¬ 
tional  toll  charges,  Usumi  added  the  VoIP 
feature  to  his  Siemens  PBX,  enabling  VoIP 
to  most  of  the  company’s  16  internation¬ 
al  offices. 

The  AMIDEAST  network  includes  a 
combination  of  IP  phones  and  regular 
phones.  Users  on  regular  phones  dial 


Educational  firm  learns  how  to  cut  toll  calls  and  boost  international  collaboration 


into  the  PBX,  which  switches  the  traffic  to 
VoIP  For  the  IP  phones,  Usumi  programs 
them  at  the  home  office  and  sends  them 
to  users  in  the  field. 

Each  office  can  now  call  any  other  via 
four-digit  dialing  or  by  using  the  PBX  in 
Washington,  D.C.,  to  call  outside  of  the 
company.  “In  the  past,  that  kind  of  calling 
might  have  cost  $1.50  per  minute.  Now 
we’re  able  to  talk  to  the  field  offices  any 
time  we  want  without  international  toll 
charges,”  he  says,  adding  that  all  the  fea¬ 
tures  available  to  users  in  the  D.C.  office 
are  available  to  the  field  offices. 

This  has  enabled  increased  collabora¬ 
tion.  “We  now  have  staff  from  Lebanon, 
Cairo  and  Morocco  all  on  the  same  con¬ 
ference  call  at  the  same  time. We  are  arriv¬ 
ing  at  decisions  much  quicker^he  says. 

Usumi  has  tied  in  unified  messaging 
with  the  new  system  to  enable  users  to 
receive  voice  mail  as  e-mail  and  vice 
versa.  He  also  rolled  out  softphones  so 
users  can  take  advantage  of  the  VoIP  sys¬ 
tem  from  airports  and  hotels. 

He  says  the  VoIP  system  has  saved  the 
company  at  least  $1,000  per  month  in 
international  calling  costs. 

See  VoIP,  page  40 


FOR  ONCE,  MANAGEMENT 
THAT  MAKES  THINGS  SIMPLE. 


The  IBM  eServer™  xSeries®  226  Express  helps  you  manage 
your  current  servers  from  a  single  console.  That’s  simple. 
And  together  with  Intel®  Xeon®  Processors,  the  x226  can 
help  meet  your  business  needs  now  and  as  you  grow. 
That’s  smart.  The  x226  can  even  alert  you  to  potential 
hard  drive  problems  up  to  48  hours  in  advance.  With  IBM, 
innovation  comes  standard.  It’s  that  simple. 

IBM  eServer  xSeries  226  Express 

Great  for  file,  print,  remote  office,  and  collaboration. 

From  $919 

Up  to  two  Intel®  Xeon®  Processors  3.40GHz  2MB  L2  Cache 
IBM  Director  monitors  the  system  and  provides  alerts 
Up  to  16GB  PC2-3200  DDR  II  memory 
Up  to  1.8TB  Hot  Swap  SCSI  storage 
Limited  warranty:  up  to  3  years  on-site' 


IBM  eServer  xSeries  236  Express 
From  $2,005 

IBM  Financing  Advantage  only  $63/month" 


IBM  eServer  xSeries  346  Express 
From  $2,025 

IBM  Financing  Advantage  only  $64/monttf 


Up  to  two  Intel®  Xeon®  Processors  3.80GHz  2MB  Up  to  2.7TB  using  300GB  Hot  Swap 
L2  Cache  SCSI  HDDs 


Light  Path  Diagnostics  pinpoints  hardware 
problem  areas 

Up  to  16GB  PC2-3200  DDR  II  memory 


Redundant  power  capable 
Limited  warranty:  3  years  on-site’ 


Up  to  two  Intel®  Xeon®  Processors 
3.80GHz__ 

Two-way  2U  rack  server 
Up  to  16GB  DDR  II  memory 
using  8  DIMM  slots 


Predictive  Failure  Analysis  and  Light  Path 
Diagnostics  help  provide  easy 
identification  of  hardware  problems 

Limited  warranty:  3  years  on-site1 


RAID  Card.  At  no  extra  charge. 

Purchase  a  select  IBM  eServer  xSeries  Express  server  and  you  can  receive  a  RAID  upgrade  at  no  additional  charge.  Offer  is  good  for  a 
limited  time  only  and  subject  to  availability  on  the  following  systems:  x206m  Express,  x226  Express,  x236  Express,  and  x346  Express. 


ibm.com/systems/innovate30  1  866-872-3902  mention io4ce2oe 


’All  prices  are  IBM's  estimated  retail  selling  prices  as  of  April  17. 2006  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document 
was  developed  tor  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive, 
operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography.  1.  IBM  hardware  products  are  manufactured  from  new  parts,  or  new  and  serviceable  used  parts. 
Regardless,  our  warranty  terms  apply.  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information.  P.0.  Box  12195.  RTP.  NC  27709,  Attn.  Dept.  J0JA/B203.  IBM  makes  no  representation  or  warranty  regarding  tnird-party 
products  or  services,  including  those  designated  as  ServerProven  or  ClusterProven.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending 
a  technician.  On-site  warranty' is  available  only  for  selected  components.  Information  about  non-IBM  products  is  oblained  from  the  manufacturers  of  those  products  or  their  published  announcements.  IBM  has  not  tested  those  products 
and  cannot  confirm  the  performance,  compatibility,  or  any  other  claims  related  to  non-IBM  products.  Questions  on  the  capabilities  of  non-IBM  products  should  be  addressed  to  the  suppliers  ol  those  products.  2.  IBM  Global  Financing 
offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  for  planning  purposes  only 
and  may  vary  based  on  your  credit  and  other  factors.  Lease  otter  provided  is  based  on  a  FMV  lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice. 
3.  Otter  subject  to  the  complete  terms  of  the  IBM  eServer  xSeries  Express  server  and  RAID  promotion.  IBM,  the  IBM  logo,  eServer  and  xSeries  are  trademarks  or  registered  trademarks  ol  International  Business  Machines  Corporation  in 
the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside  logo,  Intel  Xeon.  Xeon  Inside  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 
Microsoft  is  a  trademark  ot  Microsoft  Corporation  in  the  United  States,  other  countries,  or  both.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  ot  others.  ©  2006  IBM  Corporation  Ail  rights  reserved. 


City's  overtaxed  workers  able  to  improve  customer 
service  thanks  to  municipal  VoIP  system 


III  m  a  systems  guy,  not  a  phone  guyj’says 
I  Monte  Watembach,  network  adminis- 
I  trator  for  the  city  of  Sioux  Falls,  S.D.  He 
makes  this  distinction  as  a  preface  to  saying 
how  easy  it  is  to  handle  a  VoIP  rollout. 
“Managing  voice  mail  servers  and  phone 
queues,  that’s  something  a  sysadmin  can  easi¬ 
ly  pick  up  and  do.” 

Watembach  and  IT  Manager  Ed  Castle 
should  know.  They  are  in  the  midst  of  an 
aggressive  rollout  of  VoIP  to  the  city’s  1,100 
full-time  employees.The  project, which  started 
in  2003  and  is  expected  to  conclude  in  the 
next  few  years,  will  cover  most  of  the  city’s  crit¬ 
ical  infrastructure,  including  city  hall,  the 
libraries,  the  mayor’s  office,  the  town  hall,  the 
utility  billing  office  and  the  community 
health  center. 

With  400  users  up  and  running  on  a 
ShoreTel  VoIP  system,  the  goal  is  to  do  80  or 
more  each  year  until  the  project  is  complete. 

The  focus  has  been  on  making  the 
switchover  from  PBX-based  phones  to  IP  tele¬ 
phony  painless.  “Two  people  handle  the  roll¬ 
outs  now.  We  bring  the  users  into  a  training 
room  to  teach  them  how  to  use  the  equip¬ 
ment.  While  they  are  in  a  two-hour  session,  we 
deploy  the  phones  at  their  desks, ’’Watembach 


says.The  process  is  so  smooth  that  most  users 
are  comfortable  with  the  new  system  in  two 
to  three  days,  he  says. 

The  biggest  benefit  they’ve  seen  is  the  abili¬ 
ty  for  employees  to  share  workloads.  For 
instance,  before  the  VoIP  system,  the  commu¬ 
nity  health  clinic  was  overrun  by  customer 
calls.  “They  only  had  two  lines  so  callers 
would  often  get  a  busy  signal,”  Castle  says. 
Now,  calls  can  be  queued,  and  if  the  operator 
has  too  many  stacked  up,  other  clinic  workers 
will  receive  an  alert  to  help  handle  the  load. 
“We’ve  raised  morale  for  workers  and 
improved  customer  service,”  Castle  says. 

The  network  overhaul  has  cost  $250,000  and 
includes  switches,  desk  phones,  software 
components,  installation  and  training.  It’s  tar¬ 
geted  at  departments  using  PBXs  that  are  7  to 
10  years  old.  With  the  new  system,  employees 
have  a  shared  voice  mail  system  and  four¬ 
digit  dialing.They  also  are  integrating  the  VoIP 
system  with  Outlook. 

“Engineering  has  a  public  folder  with  their 
contractor  contacts  that  all  public  works 
employees  can  dial  from.  This  saves  them 
time  looking  for  names  and  numbers  —  there 
is  no  manual  dialing  or  typing,  they  just  look 
in  the  folder  and  click  on  a  name,”  Castle  says. 
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Names:  Ed  Castle  and  Monte 
Watembach 

Titles:  IT  manager  and  network 
administrator 
Organization:  City  of  Sioux  Falls 
Location:  South  Dakota 
Industry:  Municipal  government 
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Distributor  nails  merger-driven  VoIP  rollout  by  taking  the  outsourcing  route 


As  a  member  of  the  fifth  generation  of  his  family’s 
135-year-old  business,  Jeff  Honerkamp  is  proud  of 
the  customer  service  his  company  delivers.  For 
example,  industry  veterans  are  onhand  at  all  times  to 
answer  tough  questions  from 
customers  about  lumber  and 
plywood. 

With  the  2001  acquisition  of  a 
Long  Island  laminate  distribu¬ 
tor,  Honerkamp  was  looking  for¬ 
ward  to  expanding  the  compa¬ 
ny’s  in-house  expertise,  but 
communications  snafus,  includ¬ 
ing  an  archaic  phone  system, 
hampered  his  efforts. 

“The  company  we  acquired 
had  a  phone  system  that  was  extremely  outdated.  We 
couldn’t  even  transfer  calls  —  we  had  to  call  the  main 
number  and  then  have  the  person  paged. That  took  a 
toll  on  customer  service  as  people  were  kept  waiting,” 
Honerkamp  says. 

Replacing  the  PBX-based  phone  system  for  92 
employees  at  both  locations  was  out  of  the  question. 


“With  a  company  our  size,  I’m  the  one  who  knows  the 
most  about  infrastructure  —  we  don’t  have  an  in- 
house  IT  or  telecommunications  team  to  own  and 
manage  the  PBX  system,”  he  says. 

Instead,  Honerkamp  decided 
to  use  outsourced  VoIP  from  M5 
Networks.  “Outsourcing  takes 
the  burden  off  me  —  they 
become  my  in-house  tele¬ 
phone  backbone  of  support 
service,”  he  says. 

To  date,  a  third  of  the  compa¬ 
ny  is  on  the  VoIP  system,  includ¬ 
ing  customer  service,  accounts 
receivable  and  accounts  pay¬ 
able,  and  Honerkamp  says  the 
company  is  already  seeing  the  benefits. 

“The  VoIP  system  is  our  main  telephone  system, 
and  it  allows  us  to  have  customer  service  in  one 
place.  If  someone  calls,  we  can  transfer  them  to  the 
appropriate  expert  in  either  location  right  away,  or 
they  can  contact  that  person  directly,”  he  says, 
adding  VoIP  enables  better  collaboration  and  com¬ 


munication  in-house. 

The  company  also  is  taking  advantage  of  VoIP  to 
allow  employees  to  telecommute  and  the  flexibility  to 
hire  for  either  location.  “With  tolls  and  commuting,  it 
can  be  hard  to  find  employees  for  each  office.  Voice 
over  IP  gives  us  the  option  of  hiring  someone  in  Long 
Island  to  work  for  the  New  York  office.  Also,  if  someone 
wants  to  be  a  stay-at-home  parent,  we  can  now  accom¬ 
modate  that,”  he  says. 

Honerkamp  used  VoIP  to  keep  an  employee  who 
would  have  had  to  leave  the  company  for  personal 
reasons.  “He  now  logs  on  from  his  home  in  Penn¬ 
sylvania  with  an  IP  phone.  The  system  grabs  his  pro¬ 
file,  and  he  can  piggyback  onto  our  lines  as  if  he  were 
physically  here,”  Honerkamp  says. 

The  best  part  about  VoIP  is  the  single  bill  he 
receives  for  locations  and  telecommuters,  he  says. 
“Before,  I  had  seven  or  eight  bills  to  sift  through,  and 
it  was  tedious  looking  through  surcharges  and  fees. 
Most  people  sign  off  on  those  bills,  but  I’ve  found  so 
many  errors.  A  VoIP  bill,  which  has  one  monthly 
charge,  is  definitely  a  lot  easier  than  a  typical  carrier 
bill  to  read.” 


Name:  Jeff  Honerkamp 

Title:  COO 

Organization:  F.W.  Honerkamp 
Co. 

Location:  New  York,  N.Y. 
Industry:  Wholesale  distributor 
of  plywood  and  lumbers 
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Name:  RonYan 
Title:  IT  manager 
Organization:  Chartered 
Semiconductors  Manufacturing 
Location:  Milpitas,  Calif. 
Industry:  Chip  manufacturing 
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Fast-growing  consulting  firm  benefits  from  running  VoIP  over 
MPLS  mesh  network 


When  network  administrator  Matt  Chiardonna 
began  building  a  VoIP  system  for  CCA 
Strategies’  customer-facing  call  center  three 
years  ago,  he  quickly  saw  the  technology  would  be 
beneficial  for  the  internal  phone  system  as  well. 

The  company,  a  collection  of  business  units  dealing 
with  different  facets  of  benefits  consulting,  is  growing 
10%to  20%  per  year  with  sites  springing  up  across  the 
country  Already,  CCA  boasts  more  than  200  employees 
at  10  sites  in  cities  such  as  Atlanta,  Chicago,  Denver 
and  Los  Angeles.  Employees  work  out  of  small  offices, 
home  offices  and  from  the  road. 

Chiardonna  says  the  growth  was  putting  a  signifi¬ 
cant  strain  on  the  company’s  PBX  system.  Add  to  this 
that  three  years  ago,  the  firm  began  hosting  a  call  cen¬ 
ter  to  answer  benefits  participant  calls. “We  needed  a 
system  that  could  record,  log  and  report  on  calls,”  he 
says.  “Could  our  phone  system  support  all  this?  The 
answer  was  not  really” 

Chiardonna  turned  to  a  software-based  package 
from  Interactive  Intelligence  that  runs  off  Windows 
2000  Server.  Though  that  solved  his  call  center  prob¬ 
lem,  he  was  still  stuck  on  the  capacity  limitations  of 
the  internal  phone  system. 

“I  thought,  with  our  continued  growth  rate  —  we 
have  four  offices  opening  next  year  —  do  we  keep 
putting  stress  on  the  current  PBX  or  go  in  a  different 
direction?”  he  says. 

Chiardonna  also  faced  the  problem  of  not  having  IT 
staff  in  each  location,  so  working  with  local  phone 
companies  to  get  up  and  running  would  have  been 
difficult.“We  have  actuaries  that  play  the  dual  role  of 
IT  person  at  each  site,”  he  says. 

He  decided  to  build  out  what  he  was  using  for  the 
call  center  to  the  entire  company. The  first  step  was  to 
create  an  MPLS  network.  “MPLS  helped  us  mesh  all 
the  offices  together,”  he  says.  With  the  help  of  technol¬ 
ogy  retailer  and  consultancy  CDW,  he  began  deploy¬ 
ing  Polycom  phones  at  each  site. 

“This  is  completely  software-based. There  is  no  hard¬ 
ware  so  there  is  no  physical  environment.  We  can 
have  our  phone  system  anywhere  we  want  within  our 
MPLS  network,”  he  says.  He  adds  that  the  MPLS  net¬ 
work  also  allows  for  redundancy  and  failover. 

Rolling  out  the  phones  has  been  a  learning  experi- 
ence.“We  honed  our  strategy  so  that  for  each  deploy¬ 
ment,  we  walk  into  an  office,  count  the  number  of 
users,  buy  phones,  buy  a  switch  to  support  those 
phones  and  have  everything  ready  to  go  within  two 
weeks,”  he  says. 

Users  who  travel  between  offices  are  excited  about 
the  new  system  and  are  anxious  for  it  to  be  in  every 
office.“Traveling  users  can  go  office  to  office  and  still 
have  their  phone  system. The  system  also  shows  avail¬ 
ability  of  consultants  who  are  always  in  meetings.  And 
there  is  no  cost  for  calls  between  offices,”  he  says. 

CCA  also  uses  the  system  to  send  and  receive  faxes. 
“Before,  if  someone  sent  a  fax  after-hours  from  Los 
Angeles  to  Chicago,  it  would  be  missed.  Now  all  faxes 
are  being  sent  straight  into  Outlook  using  the  voice 


over  IP  network,”  he  says. 

The  next  phase  of  the  rollout  will  focus  on  creating 
a  centralized  receptionist  pool  so  that  each  office 
does  not  have  to  employ  a  person  to  answer 
phones. “Two  or  three  receptionists  across  the  coun¬ 
try  could  answer  calls  and  if  one  person  is  out,  calls 
could  be  re-routed  to  another  office.  In  terms  of 
staffing,  voice  over  IP  represents  immediate  savings,” 
he  says. 

Chiardonna  has  saved  more  than  $100,000  by  not 
having  to  deploy  new  hardware  and  voice  mail 
servers  or  pay  for  phone  service  and  support  at 
each  site.  He  says  he’s  looking  forward  to  adding 
new  features  to  the  network.  “We’ve  been  using 
voice  over  IP  for  seven  months  and  we’ve  only 
scratched  the  surface  of  what  it  can  do,”  he  says. 
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Name:  Matteo  Chiardonna 
Title:  Network  administrator 
Organization:  CCA  Strategies 
Location:  Chicago 
Industry:  Benefits  consulting  firm 


Semiconductor  maker  chips 
improves  security  and  adds 

With  headquarters  in  Singapore, Chartered 
Semiconductors  Manufacturing’s  U.S. 
sales,  marketing  and  engineering  teams 
log  a  lot  of  international  miles  and  even  more 
international  calls.  Trying  to  manage  all  those 
calls  through  the  company’s  two  PBXs  in 
California  and  Texas  was  proving  to  be  an  audit¬ 
ing  and  security  night¬ 
mare  for  Ron  Yan,  the 
company’s  IT  manager 
in  Milpitas,  Calif. 

“We  had  a  function 
where  an  employee 
could  call  into  the  PBX 
and  authenticate  with  a 
code  and  then  call  out 
internationally  from 
there.  But  it  was  a  big 
mess  because  you  could  only  use  one  code  so 
all  120  traveling  users  were  using  the  same 
code,”Yan  says. 

It  was  impossible  to  track  who  was  calling 
where,  he  says.“We  had  no  way  of  knowing  who 
was  abusing  the  system.  Also,  if  someone  left  the 
company,  you  couldn’t  change  the  code 
because  there  was  no  way  to  let  everyone 
know  the  new  passcode  in  a  timely  fashion.” 

When  Yan  put  out  an  RFP  for  a  new  commu¬ 
nications  system  in  2004,  he  asked  for  “secure 
individual  authentication  that  allows  for  access 


away  at  telco  charges, 
unified  messaging 

to  be  clicked  off  if  they  leave  the  company!’ 

The  only  option  wasVoIRhe  says.Yan  installed 
an  IP  telephony  network  comprising  Cisco  gear 
and  LiteScape  Technologies  enterprise  soft¬ 
ware  that  integrates  with  his  Lotus  Domino 
environment. 

“Everyone  is  now  on  voice  over  IP  there’s  no 
more  PBX,”  he  says. 
“When  users  are  travel¬ 
ing,  they  dial  an  800- 
number  that  routes 
them  to  Milpitas.  They 
can  make  calls  any¬ 
where  in  the  world 
based  on  their  access 
rights.” 

Yan  likes  the  ability  to 
match  travelers  to  call¬ 
ing  rights  because  it  cuts  down  on  abuse  and 
lowers  overall  costs.“I  run  reports  every  day  on 
who  is  calling  whom  for  how  long,”  he  says.  He 
also  quickly  cuts  off  access  to  users  when  they 
leave  the  company 

His  users  say  they  like  the  system’s  new 
interface  and  unified  messaging,  which  lets 
them  access  e-mail  via  voice  mail  and  vice 
versa. 

He’s  also  saving  money  because  he  negotiates 
a  single  international  rate  from  Milpitas,  which 
is  better  than  individual  phone  rates. 
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Voice  over  802.11g  wireless  cures  hospital's 
communication  woes 


Name:  Chad  Landry 
Title:  Director  of  Information 
Services  andTelecommunications 
Organization:  Swedish  Medical 
Center 

Location:  Englewood,  Colo. 
Industry:  Health  care 


Chad  Landry  director  of  information 
services  and  telecommunications  at 
Swedish  Medical  Center  in 
Englewood,  Colo.,  credits  the  nurses  for 
sparking  the  wireless  VoIP  system  that  is 
now  available  to  more  than  half  of  the  hos¬ 
pital  s  2,035  employees. 

“They  wanted  wireless  phones  so  that 
when  they  paged  a  physician,  he  could  call 
them  right  back  and  not  have  to  be  trans¬ 
ferred  through  the  main  desk,”  Landry  says. 

At  first  the  hospital  considered  a  900-MHz 
system,  but  quickly  found  it  to  be  kludgy 
and  unable  to  integrate  with  other  network 
components.  “The  phone  size  was  awk¬ 
ward  and  in  my  opinion  the  technology 
was  old  and  dying 
and  there  were 
severe  interfer¬ 
ence  issues,”  he 
says. 

Landry  realized 
the  price  of  the 
900-MHz  system 
was  within  10%  of 
the  $250,000  he 
would  spend  for 
infrastructure  for 
the  wireless  VoIP  network. 

The  allure  of  the  project  was  strong.  “We 
could  kill  two  birds  with  one  stone:  voice 
over  IP  and  electronic  administration  of 
data  records  over  the  same  wireless  access 
point,”  he  says.  He  adds  that  patient  fami¬ 
lies,  employees  and  physicians  could 
access  the  Internet  over  the  wireless  net¬ 
work. 

Landry  was  excited  to  see  that  the  tech¬ 
nology  —  a  combination  of  Cisco  gear  and 
software  and  phones  from  SpectraLink  and 
Cisco  on  an  802.1  lg  network  —  had 
matured  over  the  past  few  years.  “If  I  had 
looked  at  this  seven  or  eight  years  ago,  I 
wouldn’t  have  done  it,” he  says.  But  security, 
reliability  and  availability  had  improved. 

However,  to  be  safe  and  to  abide  by  fed¬ 
eral  and  hospital  regulations,  Landry  runs 
the  wireless  network  separate  from  the 
hospital  network.  He  also  authenticates 
traffic  through  RADIUS  and  uses  Wired 
Equivalent  Privacy  to  encrypt  voice  com¬ 
munications. 

The  most  difficult  part  of  the  rollout  was 
educating  hospital  administration  about 
the  costs  and  benefits,  Landry  says.“I  had  to 
teach  them  about  redundant  routers, 


switching,  on-call  support  and  other  tech¬ 
nology  he  says. 

He  also  had  to  ask  everyone  for  patience. 
“You  don’t  roll  out  a  voice  over  IP  system 
and  not  expect  to  have  issues.”  To  control 
the  situation,  he  rolled  out  access  to  one 
unit  at  a  time.“We  met  with  the  department 
for  a  week,  found  out  their  workflow  and 
configured  the  phones  accordingly  Then 
we’d  go  back  the  next  week  and  do  a  staff 
training.The  biggest  thing  was  that  we  were 
available  to  solve  problems  during  and 
after  the  deployment.” 

The  IT  team  started  a  hospitalwide  user 
group  so  that  all  floors  could  get  together 
for  standardization.  “Originally  when  you 
went  floor  to  floor, 
there  were  differ¬ 
ences  in  how  the 
technology  was 
used,”  he  says. 

One  early  snafu 
involved  batteries. 
“The  phone  batteries 
needed  to  be 
charged  each  day, 
but  there  was  no  rou¬ 
tine  in  place.  We 
received  a  lot  of  complaints  so  we  had  to 
integrate  the  charging  into  the  workflow? 

Today,  more  than  240  wireless  VoIP 
phones  are  in  use  at  the  hospital  by  a  cross- 
section  of  departments,  including  radiolo¬ 
gy,  and  Landry  is  activating  new  features  all 
the  time.  “Now,  we  have  a  wireless  paging 
system  that  can  send  text  messages  to  the 
phone  and  employees’  families  can  con¬ 
tact  them  without  them  having  to  leave 
their  patients.” 

Gittlen  is  a  freelance  technology  editor  in 
Massachusetts.  She  can  be  reached  at  sgittlen 
@charter.net. 
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Network  World  VoIP  event 

The  VoIP  Payoff:  Convergence  &  Collaboration  - 
Capitalizing  on  the  New  Benefits  of  Real-Time  Networks 
is  the  place  to  find  how  video  over  IP,  unified  messag¬ 
ing  and  collaborative  apps  take  VoIP  to  the  next  level. 
It's  the  Network  World  LIVE  Technology  Tour  event 
coming  in  June,  www.nwdocfinder.com/3169 


Tips  from  the 
trenches: 

VoIP  veterans  offer  advice  for 
avoiding  common  mishaps. 

Chad  Landry  on  support  contracts: 

"Have  your  support  plan  worked  out.  We  weren't 
thinking  of  the  wireless  voice  over  IP  system  as 
critical  when  we  first  started  out.  If  the  network 
went  down  at  2  a.m.,  someone  left  a  message 
and  we  did  a  best-effort  the  next  day  to  get  it 
back  up  and  running.  Now  we  know  it's  critical 
and  we  have  support  contracts  in  place  to  bring 
people  in  right  away  to  fix  the  problems.” 

Matteo  Chiardonna  on  Power  over  Ethernet: 

“If  you  use  Power  over  Ethernet,  make  sure  you 
put  in  redundancy  and  a  UPS.  We  were  con¬ 
cerned  about  loss  of  power.  We  wanted  to  make 
sure  that  the  phone  system  stayed  on  long 
enough  for  an  emergency  call.  It  didn’t  take  a  lot 
to  upgrade  and  account  for  this." 

Ugur  Usumi  on  call  quality: 

“If  you’re  using  voice  over  IP  from  overseas,  try 
to  get  higher  speed  connections. The  higher  the 
speed,  the  better  the  voice  over  IP  is,  like  every¬ 
thing  else.  However,  even  at  lower  speeds,  with 
compression  in  the  IP  phones,  we've  been  able 
to  make  quality  calls.” 

Ed  Castle  on  backup  access  points: 

“We  had  a  lot  of  phone  services  coming  into  one 
building.  It  was  extremely  important  that  we 
needed  a  backup  access  point.  We  were  able  to 
split  access  and  put  aT-1  into  another  location." 

Ron  Yan  on  picking  vendors: 

"Check  out  more  vendors  than  you  need  to. 
Make  sure  you  understand  all  the  architectures 
and  decide  which  one  fits  your  company’s 
needs.  We  have  four  vendors  providing  one 
voice  over  IP  solution  —  all  software-based. 
But  if  your  company  doesn't  need  that,  you 
might  want  to  look  at  streamlining  so  that  it's 
easier  to  manage." 

Jeff  Honerkamp  on  outsourcing: 

"If  you’re  a  small  company,  consider  using  an 
outsourcer.  You  don't  have  to  worry  about  keep¬ 
ing  firmware  or  software  up  to  date  and  you 
don’t  want  the  hassle  of  upgrading  reporting 
tools  or  call  management  tools.  I  don't  have  the 
time  to  invest  in  all  that.  Outsourcing  allows  me 
to  concentrate  on  what  I  do  best.” 
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voice  on  the  net 
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voice  on  the  net  Q  Conference  I  Sept.  11-14,  2006 

Expo  I  Sept.  12-14,  2006 

\j  @  □  B  Boston  Convention  &  Exhibition  Center 

video  on  the  net  0  45  Summer  Street,  Boston,  MA 

Expo  Hours:  Tuesday,  Sept.  1 2 . 1 0am-5pm  Wednesday,  Sept.  1 3 . 1 0am-5pm 

Thursday,  Sept.  14 . 10am-2pm 

FREE  EXPO  ACCESS  (a  $200  value)! 
or.  Save  up  to  $500  on  the  full  Conference  and  Expo 

Register  at  www.von.com/register  and  enter  priority  code 
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Voice,  Video  &  Vision 

Ten  Years  of  Defining  the  Industry 

Join  us  for  Fall  2006  VON®  -  Register  Today 


Learn  what  you  need  to  know  TODAY  to  make  the  best  business  decisions  for  TOMORROW! 


Join  fellow  telecom  and  network  managers  at  Fall  2006  VON  and  discover  how  the  evolving 
IP  communications  industry  will  change  the  way  your  business  communicates 

Evaluate  a  wide  array  of  IP-based  products  and  services  at  the  industry's  largest  IP-focused  Expo  floor 

Learn  how  to  optimize  your  company's  communications  infrastructure  in  the  new  age  of  network  convergence 


Register  Today  using  Priority  Code  NWWFALL  at  www.von.eorn  or  call  631.96i.lip0 
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NWWFALL.  Register  by  June  30th  to  SAVE!  Or,  bring  this 
coupon  onsite  for  special  pricing  ($50)  to  The  VON  Expo™ 

(a  $150  savings). 

*This  coupon  may  be  copied  and  shared  with  friends  and  colleagues. 
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Who  should 
attend? 

IT  professionals  with  authority 
over  VoIP  purchasing  and 
implementation,  including: 

>  VPs  of  telecommunications, 
infrastructure,  IT 
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Technology  Tour 


Capitalizing  on  the  New  Benefits  of 
Real-Time  Networks 


>  Managers  and  directors  of 
telecom,  networking  and  IT 

>  Architects  and  senior  architects 

>  Engineers  and  senior  engineers 

>  Internal  consultants 

>  CTOs  and  CSOs 


Event 

lost 

Johna  Till  Johnson, 
Nemertes  Research 


Platinum  Sponsors: 


VoIP  unleashed  it:  Video  over  IP  Unified  messaging.  Wireless  VoIP  Real  time 
web,  audio,  video.  And  an  exciting  suite  of  collaborative  apps  that  give  new 
power  and  presence  to  every  user  in  your  network.  Now  get  ready  for  a  chain- 
reaction  of  benefits  across  the  enterprise: 

•  Networking:  Enabling  QoS  in  the  LAN  and  WAN 

•  Security:  Protecting  the  voice  infrastructure 

•  Compliance:  Meeting  the  new  regulations  that  govern  voice  traffic 

•  Storage  and  Data  Management:  Standardizing  data  life  cycles  for 
effective  voice  storage  and  message  retrieval 

Everyone  with  VoIP-or  about  to  roll  it  out-stands  to  gain  a  competitive  edge 
that  will  last  a  generation.  And  it  begins  at  The  VoIP  Payoff:  Convergence 
&  Collaboration,  the  June  Network  World  LIVE  Technology  Tour  event 
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Legendary  Reliability* 


FOUNDRY 

NETWORKS 


©ShoreTel 


Gold  Sponsor: 


Johna  Till  Johnson  of  Nemertes  Research  is  your  host.  She’ll  show  you  the 
trends.  Preview  coming  technologies.  Share  best  practices.  And  deliver 
real-world  solutions  you  can  take  back  to  the  enterprise  and  deploy  immediately. 

To  qualify  to  attend  free  you  must  register  in  advance.  Seats  are  limited,  so  reserve  your  place  early 
for  what  promises  to  be  a  profitable  day. 


Silver  Peak 


THE  VOIP  PAYOFF  |  QUALIFY  TO  ATTEND  FOR  FREE  |  REGISTER  AT 

I  www.networkworld.com/VPS6A2  or  call  1-800-643-4668 


CLEAR  CHOICE  TEST 


NetBotz  watches  the  NOG 
around  the  clock 


BY  TOM  HENDERSON  AND  LASZLO  SZENES,  NETWORK  WORLD  LAB  ALLIANCE 

Network  operations  centers  often  contain  hundreds  of  thousands  of  dollars 
in  equipment,  not  to  mention  the  cost  of  the  applications  and  processing 
on  the  equipment.  NetBotz  appliances  and  sensors  provide  extra  eyes  and 
ears  to  a  network  manager  looking  to  have  data  for  decision  support,  mon¬ 


itoring  and  auditing. 

Keeping  NOC  costs  down  is  tricky  They  are  usually  dis¬ 
tributed  over  a  wide  area  in  large  organizations  and  are 
often  run  remotely  without  resident  personnel.  Having 
the  extra  senses  provided  by  sensors  can  help  prevent 
disasters,  as  when  things  go  wrong  in  unstaffed  remote 
locations. 

This  remote  sensing  is  what  NetBotz,  a  division  of  APC, 
tries  to  bring  to  the  table  —  and  though  these  virtual  sens¬ 
es  are  useful,  we  found  that  some  have  rough  edges  and 
need  some  maturation.  Overall,  we  liked  them  and  had 
more  fun  than  we’re  supposed  to  in  our  tests. 

NetBotz  offers  two  versions  —  one  that  uses  the 
NetBotz  Central  1U  rack-management  appliance,  and 
one  based  on  the  smaller  NetBotz  500  appliance.  The 
varied  sensors  are  designed  to  be  hung  in  NOCs  or  col¬ 
location  facilities  (aka  server  hotels),  but  they  can  be 
placed  anywhere,  and  wall-mounting  kits  are  available. 
There  are  two  types  of  sensors  —  those  that  provide 
audio/video  and  those  that  are  state-condition  sensors, 
such  as  a  water  detector  or  a  door  opener.  Some  sensors 


The  NetBotz  appliance  fits  in  a  rack  and  manages  a  number  of 
sensors/monitors. 


can  be  fooled,  but  it  was  difficult  to  do  so.  In  turn,  the 
sensors  connect  to  the  NetBotz  appliances  and  trigger 
events  that  can  be  documented  (via  logs)  or  spawn 
alarms  that  can  be  sent  via  SNMP  or  cell  phone  text 
message. 

Both  appliances  are  accessed  through  an  HTTP  inter¬ 
face  (with  Java  client)  or  through  the  NetBotz  Advanced 
View  software  (Windows  2000  or  XP),  which  worked  well 
with  Internet  Explorer  and  Firefox/Mozilla,  but  not  with 
Apple’s  Safari  browser.  Sensors  can  be  cascaded  together 
to  form  networks.  It’s  possible  to  use  strictly  Secure-HTTP 
after  changing  the  default  access  from  HTTP;  accessibili¬ 
ty  otherwise  is  username/password  driven  (with  no 


How  we  did  it 


We  tested  the  NetBotz  Java-based  user  interface 
with  Windows  XP  SP2,  Linux  2.6. 1 1  and  Mac  OS 
10.4  using  Firefox,  Mozilla,  Internet  Explorer 
and  Safari  (the  K  rendering  engine  couldn’t  display 
the  NetBotz  Web  page  video).  We  also  tested  the 
Advanced  View  software,  which  is  captive  to  Windows 
2000+  (we  used  XP  SP2  64-bit  on  an  HP  ZV5000  note 
book).  We  detected  only  start-up  latency  differences 
between  the  Java-based  interface  and  the  Windows 
software  provided  by  NetBotz. 

We  tested  five  cameras,  two  door  sensors  and  all 
of  the  sensors  in  each  NetBotz  rack  or  discrete 
appliance. 

We  tested  the  cameras  in  varying  light  conditions  (2 
lux  to  45  lux),  and  used  various  methods  to  test 
motion  detection,  using  filters  and  obfuscating 
objects.The  motion  detection  sensors  could  be  fooled 


but  required  great  stealth,  beyond  what’s  reasonable,  to 
fool  them  and  stay  below  triggering  thresholds.  They 
are  not  perfect  but  can  suit  most  applications.  Color 
temperature  accuracy  was  substandard  but  nonob¬ 
fuscating.  We  tested  traffic  generated  by  various 
NetBotz  sensors  using  an  otherwise  quiescent  hub- 
connected  network  (IEEE  100  Base-TX)  and  measured 
with  a  Fluke  Optiview  II. 

The  SNMP  triggers  were  tested  and  verified  with 
InterMapper  from  Dartware.  We  used  InterMapper  to 
verify  the  traps  and  conditions  sent  by  each  of  the  sen¬ 
sor  appliances. 

Various  methods  were  used  to  test  temperature, 
humidity  and  dew  point  accuracy  on  the  sensors,  and 
they  were  reasonably  accurate.The  door  sensor,  which 
uses  a  magnetic  switch,  was  easily  thwarted  by  a  mag¬ 
net,  so  its  effectiveness  is  potentially  dubious. 
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NOG  SECURITY 


NETBOTZ  APPLIANCES  AND  SENSORS 


NetBotz  www.i letboi  u.coui 


BNetResults  4.25 


Configurations  start  at  $399,  up  to  $3,000  for 
NetBotz  Central  1U  appliance. 

Pros:  Comprehensive  NOC  appliances  with  many 
sensors;  easy  setup  and  administration. 


Cons:  Some  sensors  can  be  thwarted  (although 
with  great  difficulty);  requires  astute  cable 


Scoring  Key: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 

1:  Subpar  or  not  available. 


management. 

The  Breakdown 

Features  40% 

4 

Administration  30% 

4.5 

Security  20% 

4 

Installation/configuration  10% 

5 

Total  score 

4.25 

forced  tough  password  policy). 

A  management  console  user  interface  (found  in  the 
Java  and  Windows  application)  links  sensors  used  in  the 
NOCs  and  other  areas  where  equipment  needs  to  be 
monitored  visually  for  temperature,  humidity,  doors  being 
opened  and  other  conditions.  In  testing,  the  management 
infrastructure  for  NetBotz  was  easy  to  understand  and 
access,  although  some  of  the  sensors  didn’t  seem 
matched  to  their  packaging. 

Fun  with  sensors 

Much  of  the  work  done  by  the  NetBotz  appliances  deals 
with  camera/video  information.  Cameras  have  user-de¬ 
fined  resolutions  and  also  are  used  for  motion  detection. 
Audio  is  available,  but  the  audio  and  video  aren’t  perfectly 
synchronized  (close  enough,  though). The  video  from  the 
cameras  detect  changes  in  the  video  raster  to  discern 
motion.This  means  that  a  fly  buzzing  around  a  camera  isn’t 
likely  to  set  off  the  motion  detection. 

Dropping  a  paper  clip  in  front  of  the  camera  didn’t  trigger 
the  motion  detection,  but  dropping  a  ballpoint  pen  did. 
Very  slow  motion  prevents  detection,  but  it’s  difficult  to  do 
this,  even  under  low  light  conditions.  We  used  a  light-filter¬ 
ing  device  (to  simulate  smoke  or  fog),  and  the  sensor  still 
detected  us  under  low-light  conditions  and  the  additional 
obscurity  filter  we  used. 

Oddly,  the  color  temperature  of  the  video  was  incorrect;  it 
found  many  shades  of  black  as  blue.  Also,  the  video  could 
be  stored  only  as  an  .AVI  file  when  events  were  triggered. 
Otherwise,  captured  frames  in  .JPG  format  can  be  saved. 

The  cameras  weren’t  good  in  very  low  light  or  dusk 
lighting  environments.  In  addition,  NetBotz  has  an 
option  to  save  log/sensor  data  to  a  Windows  share  or 
Network  File  System  mount,  but  we  couldn’t  make  these 
options  work. 

Other  sensors  connected  to  the  NetBotz  500/420/320 
appliances  through  USB  ports.The  fluid-detection  sensor  is 
designed  to  lie  on  the  floor  of  a  NOC  to  detect  fluids,  such 
as  water.  The  sensing  threshold  is  fixed  for  this  device, 
which  didn’t  sense  droplets  of  water  but  easily  detected  a 
0.5mm  layer  of  moisture. 

A  door  sensor  we  used  was  more  interesting.  It  could 
detect  the  door  opening  and  closing,  but  we  could  thwart 
it  by  using  a  strong  magnet  (stolen  from  a  dead  IBM  disk 
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drive),  so  the  sensor  wouldn’t  register  an 
opening  if  the  magnet  was  placed  nearby 
(an  old  burglary  trick). 

The  NetBotz  Sensor  Pod,  which  can  be 
connected  to  the  NetBotz  500  or  used 
stand-alone  via  USB  connector,  has  con¬ 
nections  for  sensors  other  than  those  for 
a  camera  and  temperature/humidity, 
which  are  onboard.  Alarms  are  triggered 


when  settings  go  beyond  the  preset 
boundary  conditions.  Sensors  have 
high/low  and  range/time  alarm  triggers. 
All  of  the  triggers  can  be  sent  via  SNMP 
to  the  management  console. 

The  NetBotz  320,  another  1U  appliance, 
includes  the  integral  camera  and  tem¬ 
perature/humidity  sensors.  It  is  designed 
to  be  used  in  a  remote  rack  to  record  vis- 


Moves,  Adds  and  Changes 


Gigabit  Upgrades 


VoIP  Deployment 


Cable  Troubleshooting 


NETWORKSUPE  VISION 


The  right  tool  can  make  all  the 
difference.  That's  why  Fluke  Networks 
offers  a  range  of  portable  network 
tools  that  are  easy-to-use,  intuitive 
and  designed  to  accomplish 
exactly  what  you  need  them  to. 
Regardless  of  whether  you're 
performing  moves,  adds  and  changes, 
deploying  new  technologies  or 
troubleshooting  network  problems. 

We  have  the  tools  you  need  to 
immediately  focus  on  the  job  at  hand. 
And  focus  is  key  -  especially  as  your 
network  becomes  more  diverse,  and 
your  job  more  complex.  If  you're 
searching  for  the  right  tool  for  the 
job.  Fluke  Networks'  line  of  portable 
network  tools  are  worth  looking  into. 

See  for  yourself  what  a  difference 
the  right  toot  can  make.  Visit 
www.flukenetworks.com/righttool 
to  view  an  interactive  selection  guide 
that  will  help  you  determine  which 
tool  best  meets  your  needs. 


itors,  trigger  alarms  and  monitor  informa¬ 
tion  where  it’s  placed.  The  sensors  are 
not  different  but  are  in  a  different  format 
than  the  NetBotz  500.  The  NetBotz  420  is 
a  smaller  version  (with  just  one  USB 
port)  of  the  NetBotz  500.  External  sensors 
can  be  mixed  and  matched  among  the 
NetBotz  product  line. 

The  NetBotz  Central  Appliance  has 
onboard  storage  and  can  mass-configure 
the  thresholds,  triggers  and  other  settings 
of  all  the  sensors  connected  to  the  system 
(or  those  it  knows  by  IP  routing).  Tables 
and  logs  from  the  connected  appliances 
were  seen  easily,  and  we  found  the  device 
ideal  for  managing  large  numbers  of 
remote  NetBotz  sensors. 

Deployment  issues 

The  nonrack  devices  (the  500  and  420) 
have  numerous  connections,  including 
Ethernet,  USB  and  power.  In  lieu  of 
Ethernet,  you  can  connect  the  500  and 
420  via  a  Compact  Flash  802.11b  card, 
but  we  didn’t  test  this  feature.  The  500 
and  420  are  designed  to  be  wall-  or 
screw-mounted.  Cables  need  to  be  fixed 
with  cable  ties;  otherwise,  they  can  be 
inadvertently  pulled  out  of  their  respec¬ 
tive  ports.  The  appliances  and 
camera/sensor  devices  have  solid 
mounting  hardware  and  are  easily 
placed  in  position. 

Using  video  in  real  time  can  use  band¬ 
width.  Just  one  camera  at  full  resolution 
takes  up  219kbps  at  a  full  1,280  by  1,024 
resolution  (30  frame/sec),  but  the  same 
camera  at  160  by  120  resolution  (postage 
stamp  size)  at  30  frame/sec  takes  up  only 
4.7kbps.  If  you’re  addicted  to  very  high 
resolution  and  high  frame  rates,  or  need 
multiple  cameras,  you  will  need  to  create 
an  out-of-band  network.  A  more  realistic 
raster  size/frame  rate  should  easily 
accommodate  monitoring  in-band  with¬ 
out  using  extra  network  resources.  The 
frame  rate  has  a  large  bearing  on  traffic 
for  the  cameras. 

We  tested  e-mail  and  SNMP  alerts  but  did¬ 
n’t  test  the  text  message  alerts,  HTTP  (post 
or  get)  or  FTP  (text  or  text  with  pictures). 


Head  online  to  read  more 
about  NetBotz: 

|  Research  center  plugs  physical 
security  into  its  network. 

www.nwdocfinder.com/3625 

|  Challenges  for  physical  monitor¬ 
ing  in  health  care. 

www.nwdocfinder.com/3626 

|  NetBotz  case  study  —  St.  Louis 
College  of  Pharmacy. 

www.nwdocfinder.com/3627 

|  How  IT  surveillance  can  help  fight 
crime. 

www.nwdocfinder.com/3628 


The  fluid-detection  sensor  is  designed  to  lie  on 
the  floor  at  a  network  operations  center  to 
detect  such  things  as  water  leaks. 

Sensor  settings  for  temperature,  air  flow, 
audio  (noise-level  detection),  dew  point 
and  humidity  allow  triggers  for 
above/below  value  for  time,  min/max 
value,  range  and  rate  of  increase/ 
decrease.  Binary  sensors  (the  door  and 
fluid  detection)  detected  only  an“on”state. 

While  the  NetBotz  doesn’t  fetch  coffee,  it 
does  many  other  grunt  functions  of  sens¬ 
ing  conditions  in  a  remote  location.  The 
sensors  are  reasonably  calibrated,  and  the 
supplied  Java/Windows  software  was 
secure  and  easy  to  understand. The  appli¬ 
ances  and  sensors  were  mix-and-match, 
and  we  found  them  reliable  and  accurate. 
Video  traits  did  have  some  tradeoffs.  We 
were  disturbed  that  we  could  easily  foil 
the  door  sensor  and  also  didn’t  like  the 
inability  to  store  images  to  external  shares. 
Nonetheless,  we  were  impressed  by  the 
thoroughness  of  the  product  set  and  the 
software  that  monitors  the  sensors. 

Henderson  is  principal  researcher  at 
ExtremeLabs  in  Indianapolis.  He  can  be 
reached  at  thenderson@extreme 
labs  .com.  Szenes,  a  researcher  at  Ex¬ 
tremeLabs,  can  be  reached  at  Iszenes 
@extremelabs.  com. 


Lab  Alliance 


■  Henderson  and  Szenes  also  are  members  of 
the  Network  World  Lab  Alliance,  a  cooperative 
of  the  premier  testers  in  the  network  industry, 
each  bringing  to  bear  years  of  practical  expe¬ 
rience  on  every  test.  For  more  Lab  Alliance 
information,  including  what  it  takes  to  become 
a  partner,  go  to 
www.networkworld.com/alliance. 

Other  members:  Mandy  Andress,  ArcSec:  John 
Bass,  Centennial  Networking:  Travis  Berkley, 
University  of  Kansas;  Jeffrey  Fritz,  University 
of  California,  San  Francisco;  James  Gaskin, 
Gaskin  Computing  Services;  Miercom.  network 
consultancy  and  product  test  center;  Christine 
Perey,  Perey  Research  &  Consulting;  Barry 
Nance,  independent  consultant;  David  Newman, 
Network  Test;  Thomas  Powell,  PINT.  Joel 
Snyder,  Opus  One;  Rodney  Thayer,  Canola  & 
Jones;  Sam  Stover,  independent  consultant. 


MANAGEMENT  STRATEGIES 


CAREER  DEVELOPMENT  PROJECT  MANAGEMENT  BUSINESS  JUSTIFICATION 


Assemble  the  right  players 

Seek  input  in  setting  policies  for  information  life-cycle  management. 


BY  DENI  CONNOR 

Implementing  the  technology  required  for  informa¬ 
tion  life-cycle  management  is  much  easier  than  nail¬ 
ing  down  policy  decisions  about  the  value  of  data 
and  where  to  store  it.  To  make  those  calls,  storage  man¬ 
agers  often  need  the  help  of  department  heads,  compli¬ 
ance  officers  and  the  legal  department. 


ILM  involves  moving  data  to  a  storage  tier 
that’s  appropriate  for  the  value  of  the  data 
to  the  business. This  process  helps  compa¬ 
nies  save  money,  optimize  storage  re¬ 
sources  and  comply  with  regulations. 

“If  you  get  involved  with  legal  situations, 
the  storage  architect  is  not  qualified  to 
make  decisions,”  says  Randy  Kerns,  an  inde¬ 
pendent  storage  analyst.  “Other  personnel 
are  really  accountable,  so  they  must  partici¬ 
pate  in  ILM  or  archiving  decisions.  Others 
—  such  as  legal  or  compliance  officers  and 
department  managers  —  must  be  involved, 
and  if  the  storage  architect  is  smart,  he’ll  put 
the  requirement  on  them  to  keep  him  from 
getting  into  trouble,”  he  says. 

For  example,  initiatives  to  archive  e-mail, 
files  or  database  records  should  involve  the 
IT  personnel  responsible  for  the  applica¬ 
tions  that  generate  this  data.  If  you’re  archiv¬ 
ing  for  regulatory  compliance,  you  may 
need  to  call  on  the  compliance  officer, 
chief  security  officer  or  legal  counsel,  while 
CEOs  and  other  business  unit  heads  may 
need  to  be  involved  in  setting  policies  for 
migration  and  archiving. 

Michael  Passe,  storage  architect  for  Care- 
group  Beth  Israel  Deaconess  Medical  Cen¬ 
ter  in  Boston,  is  on  the  cusp  of  implement¬ 
ing  an  ILM  strategy  a  project  he  began  two 
and  a  half  years  ago  with  the  purchase  of 
tiered  storage  systems. 

F&sse,  whose  organization  falls  under  the 
dictates  of  the  Health  Insurance  Portability 
and  Accountability  Act  (HIPAA),  has  been 
looking  at  e-mail  archiving  for  litigation 
support  and  storage  management  and  at 
content-addressable  storage  for  longer-term 
retention  of  research  data,  forms  and 
patient  records. 

Passe  worked  with  the  medical  center’s 


storage  management, Windows  server  and 
messaging  IT  teams  to  help  assess  the 
hardware  requirements  for  archiving.  He 
decided  to  use  EMC  Centera  content- 
addressable  storage  for  long-term  data  re¬ 
tention  and  Symantec’s  Enterprise  Vault 
for  archiving  e-mails. 

“Once  we  had  cooked  out  the  technolo¬ 
gy  specifics,  it  then  moved  up  to  the  IT 
management  level  and  legal  departmen¬ 
tal  level  to  make  policy  decisions  based 
on  our  findings  of  the  technical  capabili¬ 
ties  of  the  software  and  in  our  case,  hard¬ 
ware,”  Passe  says. 

He  adds  that  was  among  the  hardest  of 
the  steps  to  implement.  “We  think  we  are 
in  the  homestretch  and  will  probably  go 
live  in  one  to  three  months,  assuming  we 
can  finish  our  policy  decisions,  which 
often  are  more  difficult  than  the  techno¬ 
logical  ones,”  he  says. 

When  Passe  finally  implements  ILM,  to  set 
policies  in  Enterprise  Vault  and  Centera 
that  automate  data  migration,  he  will  rely 
on  the  decisions  the  IT  management  and 
legal  departments  make  about  when  and 
for  how  long  data  will  be  archived. 

Matt  Pittman,  director  of  enterprise  sys¬ 
tems  at  Penson  Financial  Services  in  Dallas, 
also  relied  on  the  help  of  others  to  define 
his  ILM  and  archiving  strategy  In  his  case, 
the  government  regulations  were  different 
and  more  clearly  defined. 

Penson’s  e-mails  fall  under  the  gover¬ 
nance  of  the  Securities  and  Exchange 
Commission  (SEC),  which  requires  that  e- 
mails  for  financial  traders  be  kept  easily 
accessible  for  two  years  and  retained  for 
seven  years. 

Pittman  has  two  Xiotech  Magnitude  stor¬ 
age  arrays  with  a  mix  of  Fibre  Channel  and 


Serial  Advanced  Technology  Attachment 
(SATA)  drives  and  Legato’s  emailXtender  e- 
mail  archiving  and  DiskXtender  database 
archiving  products  for  migrating  the 
Exchange  e-mail,  user  documents  and  SQL 
server  database  data. 

“I  met  with  managers  to  get  their  feel¬ 
ings  about  the  data,  but  IT  kind  of  had  an 
idea  and  a  preconceived  notion  about 
what  we  were  going  to  do,”  Pittman  says. 
“We  thought  let’s  identify  our  sweet  spot 
—  the  time  at  which  we  would  move  data 
to  the  [SATA]  drives.” 

To  do  this,  Pittman  used  a  statistics  tool 
within  Commvault’s  Data  Migrator  product. 
He  benefited  by  moving  data  to  SATA  disks 
and  backing  up  data  to  those  disks,  cutting 
his  backup  time  in  half. 

He  also  created  policies  in  emailXtender 
that  automatically  archive  e-mails  after  a 
user’s  mailbox  consumes  750M  bytes  of 
space.  Some  departments  that  have  a 
greater  need  for  data,  such  as  new 
accounts,  have  asked  for  higher  mailbox 
quotas,  but  for  now,  Pittman’s  arbitrarily 
imposed  quotas  work  for  the  rest.  As  with 
Passe,  an  ILM  strategy  continues  to  work 
only  if  it  is  continually  assessed. 

“We  are  assessing  right  now  whether  our 
archiving  policy  and  quota  limits  are  too 
aggressive  or  not  aggressive  enough,” 
Pittman  says.  “We  are  looking  where  we 
need  to  tweak  the  policies. The  exceptions 
we’ve  made  to  that  rule  are  the  people  like 
vice  presidents  and  the  CEO  who  need  big- 


Assess,  classify  archive 


ger  capacities.” 

Three  years  ago  Gary  Joppich,  senior 
network  administrator  for  NuUnion  Credit 
Union  in  Lansing,  Mich.,  started  imple¬ 
menting  a  similar  approach  to  archiving 
data.  Joppich’s  job  was  made  easier 
because  his  credit  union  follows  SEC 
rules.“Our  team  involved  just  two  people: 
myself  and  the  organization’s  compliance 
and  security  officer,”  he  says.  “We  knew 
things  had  to  be  kept  for  that  legal  length 
of  time  —  seven  years.” 

Like  Passe,  Mark  Moroses  faces  comply¬ 
ing  with  HIPAA  regulations  for  his  med¬ 
ical  images  and  patient  records.  “A  lot  of 
our  data  is  regulated  either  at  the  state  or 
the  federal  level,  so  we  involve  the  legal 
department  right  off  the  bat,”  says 
Moroses,  senior  director  of  technical  ser¬ 
vices  and  security  officer  for  Maimonides 
Medical  Center  in  New  York. 

He  relies  on  the  legal  department  to  set 
the  bar  for  e-mail  archiving.  “Right  now, 
legal  says  they  want  to  keep  everything  for 
three  years.  We  think  they  are  going  to 
want  to  reduce  that.”  Moroses  uses  IBM’s 
Enterprise  Storage  Server  for  storing  his 
medical  information  and  e-mail  and 
Datacore’s  SANsymphony  virtualization 
product  for  data  migration. 

All  these  users  wouldn’t  have  been  able 
to  archive  this  data  or  formulate  an  ILM  pol¬ 
icy  by  their  own  wits.  Thanks  to  legal,  de¬ 
partment  heads  and  other  personnel,  their 
jobs  are  now  easier.  H 


The  processes  and  people  required  for  ILM  implementation. 


Assessment:  Determine  what  data  resides  on  what 
storage  assets  and  where  data  should  reside 
based  on  a  criteria  such  as  value  or  age. 

Storage  administrators,  IT 

Socialization:  Present  data  findings  to  others  and 
explain  storage  asset  utilization  and  costs  involved. 

Department  heads,  legal  counsel  or  compliance  officers, 
business  unit  managers. 

Classification:  Determine  how  critical  data  is  and 
how  data  is  migrated  over  time.  Classify  by  data 
type,  organization,  age  and/or  value. 

Compliance  managers,  legal  counsel  if  for  compliance; 
business  unit  managers  if  for  data  value. 

Automation:  Establish  policies  to  automate  data 
migration. 

Storage  and  messaging  administrators. 

Review:  Review  ILM  policy  as  new  applications  are 
added  to  the  network. 

Storage  administrators  and  legal,  compliance  managers. 

SOURCE:  ENTERPRISE  STRATEGY  GROUP  AND  NETWORK  WORLD 
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IT  SOLUTIONS 


UltraMatrix™ 

E-series 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


a  MATRIX  KVM  SWITCH  WITH 

INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix™ 

Remote 


KVM  SWITCH 


KVM  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 
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The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


XtendVue  RackView 

Vertical  Rack  mountable  LCD  Fold-Forward 
With  Built-in  KVM  Extender 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 


ROSE  US  281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 
ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 


800-333-9343 

WWW.ROSE.COM 
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ROSE 

ELECTRONICS 


Everything  You  Need  for  Remote  Network  Management 


Uavtsala  Parts  +  fmm  QantraU  +  Dial-Up  Madam  =  1 U 


Web  Browser  Interface 


3|  W1 1  Eontule  foil  Management  Switch? < 


Mictosolt  Internet  i  xpltxct 


The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 


Stcrkaj.  Irvine.  C*  92618  -  tot»//www  wncom 

'  . . — . .  -ri’.T-*- 


Web  Browser  Access  for  Easy  Setup  and  Operation 
Telnet,  Internal  Modem  and  Serial  Access 
Four  Individually  Switched  Power  Outlets 
Six  DB-9  Serial  Console  Ports 
Port  Specific  Password  Protection 
Dial-Back  Security  on  Modem  Port 
Requires  Only  One  Rack  Unit 
Non-Connect  Port  Buffering 
Data  Rate  Conversion 
120  VAC  Model  -  NEMA  5-15  Outlets 
208/240  VAC  Model  -  IEC320  Outlets 


Demo  Rom,  Irvine.  CA 
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western  telematic  incorporated 
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Visit  Website  for  Complete  NetReach™  Product  Line 

(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 


Problems  overwhelming  your  current  sniffer? 


Advance  to  the  next  level  with  Observer  1 1 .  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


NETWORK 

INSTRUMENTS 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 
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OBSERVER 
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Monitor  the  REST  of  your  Computer  Room! 


•  Water  on  the  Floor 

•  Temperature 

•  Power  Problems 

•  Security 

•  Smoke  and  Fire 

•  Humidity 

•  Video 

•  And  much  more 


Sends  Monitors 

SNMP  64 

Messages  IP 


Embedded 

Web 


Sends 


Power  Internal 

Outage  UPS 


Dealers  Wanted 


Monitoring 


Power 

Control 

Interface 


Port 


Modem 
&  Pager  Port 


(Tcmpefoture.  Humidity, 
Wottr,  Motion,  Power. 
Smokr/Fire) 

Expandable 


SENSAPHONE 

Tel:  877*373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

Server  Room 
Climate  &  Power 

Monitoring 
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search 


Instantly  Search 
Terabytes  of  Text 


‘Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second”  —  InfoWorld 


over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 

converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

optional  API  for  C++,  .NET,  Java,  SQL,  etc.  Ask  about  new  .NET  Spider  API 


images 


DevelopeFQudt^land  Reviews 


dtSearch  vs.  the  competition: 

“dtSearch  easily  overpowered  the 
document  indexing  and  searching 
abilities  of  other  solutions,  especially 
against  large  volumes  of  documents” 

Reliability:  “dtSearch  got  the  highest 
marks  from  our  systems  engineering 
folks  that  I've  ever  heard  of” 

Results:  “customer  response  has  been 
phenomenal” 

For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 

Contact  dtSearch  for  fully-functional 
evaluations 


‘For  combing  through  large  amounts  of 
data,  dtSearch  ...  leads  the  market” 

—  Network  Computing 

‘Blindingly  fast”  —  Computer  Forensics: 
Incident  Response  Essentials 

‘Super  fast,  super-reliable” 

—  The  Wall  Street  Journal 

‘A  powerful  arsenal  of  search  tools” 

—  The  New  York  Times 

‘Powerful  Web-based  engines”  —  eWeek 
‘Blazing  speeds” 

—  Computer  Reseller  News  Test  Center 

‘The  most  powerful  document  search  tool 
on  the  market”  —  Wired  Magazine 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


IT-FINDS1 


www  .-d  t  s  ea  re  nTco  m' 
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networkfAPs 


TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper  nTAPs 

10/100 . $395 

10/100/1000 . $99$.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . $1,495 


Optical  nTAPs 

One-Channel . $39$  ....$295 

Two-Channel . 579(5  ....$575 

Three-Channel  ....$'US!f  ....$845 


! 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery* 


C€ 


•Fret  overnight  delivery  on  all  U.S.  orders  over  $295  continued  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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1.408.727.1122 

CES2H3S!  J  d  HITKHuI 

info@recurrent.com 

njeCIftRdftt 


3431  De  La  Cruz  Blvd,  Santa  Clara.  CA  95054 


ONE  PHONE  SYSTEM 

for  many  branch  offices 

mck  communications 

'  A  Citel  Company 

MCK  EXTenders 

New,  Refurb, 
Installation,  Support 


RICKENBACKER 


communications 


ph:  978.475.7200  fx:  978.428.6200 
www.rickenbackercommunications.com 
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Rootkit 

continued  from  page  1 

Opponents  say  rootkits  should 
never  be  used  because  they 
introduce  potential  vulnerabili¬ 
ties  and  are  deceptive,  while  oth¬ 
ers  contend  there  can  be  legiti¬ 
mate  use  for  deep-stealth  tech¬ 
nology  in  both  the  enterprise 
and  home. 

The  Electronic  Frontier 
Foundation  (EFF),  which 
declared  it  was  satisfied  with 
the  Sony  settlement,  is  not 
among  those  envisioning  a  pos- 


The  rootkit  debate 

Rootkits  are  always  bad 
because  they  are: 

•  Deceptive  to  users. 

•  Introduce  potential  vulnerabilities. 

•  Can  be  hard  to  uninstall. 

*Rootkits  can  be  good  for: 

•  Monitoring  suspicious  employee 
behavior. 

•  Protecting  software  from  attack. 

•  Monitoring  what  kids  do  on  home 
PCs. 

'Any  potential  use  of  rootkits  ethically 
would  require  appropriate  user 
consent  and  have  to  adhere  to  the 
data-privacy  laws  of  the  country  in 
which  they  are  used. 


itive  role  for  rootkits. 

“1  have  yet  to  see  a  rootkit 
which  did  not  raise  security 
concerns,  and  am  skeptical  that 
there  can  be  legitimate  use  of 
technologies  that  hide  files 
from  the  user  in  an  effort  to 
thwart  user  control  of  their  own 
computer,”  says  Kurt  Opsahl, 
staff  attorney  at  EFF 

Security  expert  Bruce  Schneier, 
founder  of  managed  security  ser¬ 
vices  firm  Counterpane,  is  equal¬ 
ly  adamant. 

“Can  there  be  benevolent  root¬ 
kits?  That’s  similar  to  the  question 
of  benevolent  worms.The  answer 
is  ‘no’,”  he  says.“Rootkits  use 
stealth  to  hide  payloads,  and  that 
can  cause  problems.  A  user  loses 
control  with  what’s  going  on  in 
their  machines.” 

Antivirus  vendors  CA, Trend 
Micro  and  McAfee  say  they  reject 
use  of  rootkits  as  a  way  to  protect 
security  software.“We  call  it 
stealth  technology  rather  than 
rootkit  technology,  and  by  and 
large  it’s  a  negative  thing,” says 
Stuart  McClure, senior  vice  presi¬ 
dent  of  global  threat  at  McAfee. 

But  some  say  stealth  technolo¬ 
gies  can  be  ethical  and  shouldn’t 
be  dismissed  as  absolutely  evil. 

“Rootkits  are  inherently  decep¬ 
tive,  of  course,”  says  Christine 
Olson,  project  manager  with 
StopBadware.org,  the 
Cambridge,  Mass.,  group  formed 
by  Harvard  University  and 
Oxford  University  to  provide  the 


public  with  a  detailed  list  of  soft¬ 
ware  programs  deemed  to  be 
unethical,  deceptive  or  danger¬ 
ous.  “But  there  are  instances 
where  the  owner  of  the  machine 
might  want  to  deceive  others 
using  the  machine”  and  would 
have  the  right  to  do  so,  she  says. 

James  Butler,  CTO  at  Komoku.a 
start-up  funded  by  the  Defense 
Advanced  Research  Projects 
Agency  to  develop  ways  to  de¬ 
tect  rootkits,  says  the  debate  that 
started  after  security  researcher 
Mark  Russinovich  discovered  the 
Sony  rootkit  remains  murky 

“The  debate  centers  around 
whether  it’s  acceptable  for  a 
company  to  install  software  that 
uses  stealth  in  order  to  protect 
the  company’s  software  from 
being  detected,”  he  says. 

In  Sony’s  case,  the  way  the  soft¬ 
ware  was  written  would  let  an 
attacker  also  use  the  stealth  abili¬ 
ties  to  hide  programs.  “In  the  end, 
rootkits  can  be  good  or  evil.  It’s  all 
in  how  they’re  used,”  he  says. 

Gartner  security  analyst  John 
Pescatore  asserts  corporations 
could  benefit  from  more  rootkit¬ 
like  applications,  such  as  those 
used  to  monitor  employees.“Yes, 
there  is  a  role  for  stealth  in  the 
enterprise  world,”  he  says,  adding 
that  in  the  home  PC  environ¬ 
ment,  parents  might  want  rootkit¬ 
like  ways  to  monitor  what  their 
kids  do  on  a  home  PC. 

Some  IT  and  network  profes¬ 
sionals  say  rootkit-like  technolo¬ 


VPN 

continued  from  page  10 

trative  time.  And  once  connections  are  established, 
encryption  is  more  secure,  by  virtue  of  the  per-pack- 
et  keying,  he  says. 

The  bank  is  rolling  out  keys  to  300  employees  for 
routine  use  and  also  as  a  precaution  against  emer¬ 
gencies  that  require  employees  to  work  from  home, 
Purdy  says.  Sandy  Spring  is  buying  enough  locks  to 
create  secure  site-tosite  Internet  connections  among 
34  locations,  letting  it  decommission  its  traditional 
frame  relay  WAN  and  save  more  than  half  its  WAN 
costs,  he  says. 

A  package  of  one  lock,  10  keys  and  an  enterprise 
manager  master  key  costs  $4,950.  Locks  and  keys  also 
can  be  bought  separately:  A  lock  costs  $2,900  and  a 
set  of  10  keys  with  software  drivers  costs  $1,250. 

Sweetspot’s  tokens  perform  a  different  function. 
They  also  authenticate  remote  machines  via  two-fac¬ 
tor  authentication  with  a  Sweetspot  appliance  inside 
the  corporate  firewall.  But  once 
authenticated,  they  act  as  VPN 
clients,  creating  a  secure  tunnel 
between  the  remote  machine  and 
the  Sweetspot  appliance.  Altern¬ 
atively,  the  tokens  can  tunnel  to 


third-party  VPN  gateways.  So  far  the  tokens  are  com¬ 
patible  with  VPN  gateways  made  by  Astaro,  Cisco, 
Nortel  and  Watchguard  Technologies. 

Because  the  tokens  perform  the  function  of  VPN 
client  software,  businesses  don’t  have  to  install  this 
software  on  the  remote  machines.  They  also  elimi¬ 
nate  cumbersome  VPN  sign-on  procedures,  says 
Sweetspot  customer  Mark  Snyder,  regional  IT  direc¬ 
tor  for  Native  Air,  a  helicopter  ambulance  service  in 
Mesa,Ariz. 

Laptops  used  by  medical  personnel  on  flights  to 
record  patient  information  are  equipped  with  the 
tokens  to  set  up  wireless  VPN  connections  to  Native 
Air  billing  and  quality-control  application  servers  at 
headquarters.  The  sensitive  data  must  be  secured  to 
comply  with  Health  Insurance  Portability  and 
Accountability  Act  regulations,  Snyder  says. 

The  tokens  eliminate  the  need  to  train  medical  per¬ 
sonnel  on  using  VPN  clients.  They  also  result  in  re¬ 
ports  getting  filed  from  hospitals  via  broadband 
wireless  Internet  connections  rather  than  waiting  for 
personnel  to  plug  into  a  LAN  at  a 
helicopter  base. This  clears  paper¬ 
work  sooner  and  gets  flight  crews 
ready  for  the  next  flight  sooner, 
Snyder  says. 

The  tokens  cost  $135  each.® 
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gies  could  play  a  valuable  role  in 
the  enterprise. 

Enzo  Micali,  CIO  at  1-800- 
Flowers,  where  flowers  can  be 
ordered  online  or  by  phone  for 
delivery  says:“l’d  consider  stealth 
technology  to  monitor  employ- 
ees.The  company  owns  the  com¬ 
puters.” 

1 -800-Flowers,  which  has  2,500 
employees,  uses  the  Securify 
product  to  watch  for  unautho¬ 
rized  network  activity  by  employ¬ 
ees,  such  as  downloading  large 
files  unrelated  to  work  or  pinging 
servers. 

Martin  Lapointe,  network  man¬ 
ager  at  Canadian  retailer  Reit- 
mans,  concurs  that  “there  is  a  role 
for  stealth  in  the  enterprise.”  But 
using  any  rootkit-like  technolo¬ 
gies  would  depend,  at  the  very 
minimum,  on  ensuring  their  use 
conforms  with  user-consent  and 
data  privacy  laws  of  the  countries 
in  which  they’re  used,  he  says. 

Sam  Curry  vice  president  of 
threat  management  at  CA,says 
rootkits  in  commercial  software 
could  be  compromised,  with  dev¬ 
astating  results.  Plus,  antivirus  and 
antispyware  software  would  look 
too  much  like  the  evil  code  it’s 
trying  to  find  and  eliminate. 

David  Perry  Trend  Micro’s  global 
director  of  education, says: “We 
don’t  want  to  look  like  the  oppo¬ 
sition”  even  though  hiding  soft¬ 


ware  components  from  attack 
has  appeal,  he  says. 

But  public  opinion  seems  so 
firmly  wedged  against  the  idea  of 
rootkits  that  security  vendors  shy 
away  from  any  association. 

Symantec,  which  declined  to 
comment,  endured  its  own  pub¬ 
lic  backlash  and  cries  of 
“Rootkit!”  when  Russinovich  dis¬ 
covered  Symantec’s  Norton 
SystemWorks  was  using  a  cloak¬ 
ing  technique  to  hide  its 
NProtect  directory  for  storing 
temporary  copies  of  files  the  user 
has  deleted  or  modified. 

Bowing  to  public  criticism, 
Symantec  reevaluated  the  prac¬ 
tice  of  hiding  the  directory  — 
which  it  said  it  did  to  keep  users 
from  deleting  files  in  it  —  and 
released  an  update  in  January 
so  the  directory  could  be 
scanned  through  manual  or 
scheduled  scans,  not  just  an  on- 
access  scanner. 

Some  say  there  is  plenty  of 
commercial  software  that  already 
uses  stealth  techniques,  including 
that  of  most  antivirus  vendors. 

“Most  antiviral  software  and  vir¬ 
tualization  software,  like  VMware, 
are  essentially  rootkits,”  Gartner’s 
Pescatore  says.“Good  rootkit-like 
software  gives  the  user  choice 
and  informs  the  user,  and  the 
user  purposefully  and  knowingly 
installs  it.”H  * 


■  Network  World  118  Turnpike  Road. 
Southborough,  MA  01772-9108.  (508)  460-3333. 


Periodicals  postage  paid  at  Southborough,  Mass., 
and  additional  mailing  offices.  Posted  under 
Canadian  International  Publication  agreement 
#40063800.  Network  World  (ISSN  0887-7661)  is 
published  weekly,  except  for  a  single  combined 
issue  for  the  last  week  in  December  and  the  first 
week  in  January  by  Network  World,  Inc.,  118 
Turnpike  Road,  Southborough,  MA  01772-9108. 

Network  World  is  distributed  free  of  charge  in 
the  U.S.  to  qualified  management  or  professionals. 

To  apply  for  a  free  subscription,  go  to  www.sub- 
scribenw.com  or  write  Network  World  at  the 
address  below.  No  subscriptions  accepted  with¬ 
out  complete  identification  of  subscriber's  name, 
job  function,  company  or  organization.  Based  on 
the  information  supplied,  the  publisher  reserves 
the  right  to  reject  non-qualified  requests. 
Subscriptions:  1-508-490-6444. 

Nonqualified  subscribers:  $5.00  a  copy;  U.S.  - 
$129  a  year;  Canada  -  $160.50  (including  7%  GST, 
GST#126659952);  Central  &  South  America  - 
$150  a  year  (surface  mail);  all  other  countries  - 
$300  a  year  (airmail  service).  Four  weeks  notice 
is  required  for  change  of  address.  Allow  six 
weeks  for  new  subscription  service  to  begin. 
Please  include  mailing  label  from  front  cover  of 
the  publication. 


Network  World  can  be  purchased  on  35mm 
microfilm  through  University  Microfilm  Int., 
Periodical  Entry  Dept.,  300  Zeeb  Road, 
Ann  Arbor,  Mich.  48106. 

PHOTOCOPYRIGHTS:  Permission  to  photocopy 
for  internal  or  personal  use  or  the  internal  or  per¬ 
sonal  use  of  specific  clients  Is  granted  by 
Network  World,  Inc.  for  libraries  and  other  users 
registered  with  the  Copyright  Clearance  Center 
(CCC),  provided  that  the  base  fee  of  $3.00  per 
copy  of  the  article,  plus  50  cents  per  page  is  paid 
to  Copyright  Clearance  Center,  27  Congress 
Street,  Salem,  Mass.  01970. 

POSTMASTER:  Send  Change  of  Address  to 
Network  World  P.0.  Box  3090,  Northbrook,  IL  60065 
Canadian  Postmaster:  Please  return  undeliverable 
copy  to  PO  Box  1632,  Windsor.  Ontario  N9A7C9. 


Copyright  2005  by  Network  World,  Inc.  All  rights 
reserved.  Reproduction  of  material  appearing  in 
Network  World  is  forbidden  without  written  permis¬ 
sion. 

Reprints  (minimum  500  copies)  and  permission  to 
reprint  may  be  purchased  from  Reprint 
Management  Services  at  (717)  399-1900  x128  or 
networkworld@reprintbuyer.com. 

USPS735-730 


5.29.06  •  www.networkworld.com  •  53 


BACKSPIN 


Mark  Gibbs 


It  is  now  official, global 
warming  is  real.  When  I 
write  “official”  I  don’t 
mean  that  scientists  have 
finally  agreed.  By  official  1 
mean  President  George  W  Bush  has  finally  and  one  might 
note  grudgingly  admitted  that  global  warming  is  fact. 

The  grudgingly  part  is  because  for  a  long  time  the  presi¬ 
dent  would  not  admit  to  the  evidence  and  now  doesn’t 
want  to  engage  in  any  analysis  of  why  global  warming  has 
happened,  even  though  scientific  data  points  squarely  to 
human  activities.The  president’s  take:  . .  we  need  to  set 
aside  whether  or  not  greenhouse  gases  have  been  caused 
by  mankind  or  because  of  natural  effects  and  focus  on 
the  technologies  that  will  enable  us  to  live  better  lives  and 
at  the  same  time  protect  the  environment.” 

The  idea  that  the  problem  can  be  ameliorated  (it  can’t 
be  fixed)  without  understanding  the  causes  is  as  naive  as 
trying  to  cure  a  chest  pain  but  not  checking  to  see  if  the 
patient  is  having  a  heart  attack. 

So  what  are  the  causes  of  global  warming?  The  top  cul¬ 
prit  is  the  burning  of  fossil  fuels,  which  increase  the  atmos¬ 
pheric  concentration  of  greenhouse  gases. 

What  are  we  doing  about  the  problem?  Katherine 
Ellison  writing  in  The  New  York  Times  (see  www.nwdoc 
finder.com/3655)  on  May  20  commented:  “Scientists  have 


Global  warming,  a  hot  time 
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long  been  warning  that  the  world  must  cut  back  on  green¬ 
house  gas  emissions  by  as  much  as  70%,  as  soon  as  possi¬ 
ble,  if  we’re  to  have  a  fighting  chance  of  stabilizing  the  cli¬ 
mate.  Yet  even  with  full  participation  by  the  United  States, 
the  controversial  Kyoto  Protocol  —  the  only  global  plan 
in  the  works  —  would  hardly  begin  to  do  that.  Its  goal  is  to 
reduce  emissions  by  5.2%  below  1990  levels  by  2012.  And 
so  far,  the  best  plan  offered  by  American  politicians  —  the 
Climate  Stewardship  act  sponsored  by  Senators  John 
McCain  (R.-Ariz.)  and  Joseph  Lieberman  (D.-Conn.)  — 
has  an  even  more  modest  goal:  It  aims  to  cut  emissions  in 
the  United  States  merely  to  2000  levels  by  2010.  And  the 
Senate  has  rejected  it  twice.” 

But  this  state  of  affairs  can’t  last,  and  now  that  the  presi¬ 
dent  is  on  board  we  can  expect  that  over  the  next  few 
years  the  way  we  run  our  businesses  will  have  to  change. 

To  reduce  emissions  we  have  to  burn  less  fuel,  which 
requires  that  we  reduce  our  consumption.  When  it  comes 
to  electrical  power  we  will  have  to  use  less,  which  in  turn 
will  probably  require  higher  electricity  prices  to  enforce 
reductions.  The  average  national  price  of  electricity  in 
February  (see  www.nwdocfinder.com/3656)  was  8.42 
cents  per  kilowatt  hour.  What  will  it  mean  to  your  enter¬ 
prise  if  the  price  becomes  16  cents  or  even  32  cents? 

How  will  that  influence  changes  in  your  data  center? 

Server  consolidation  using  virtual  machine  technology 


for  IT 

looks  like  a  good  bet,  as  you  can  move  to  more  efficient 
hardware  platforms. You  need  to  examine  your  system’s 
life-cycle  management  strategy  and  make  some  reason¬ 
able  assumptions  about  how  power  costs  will  rise  and 
what  your  replacement  and  upgrade  options  will  be. 

Could  this  be  a  profound  reason  for  businesses  to 
migrate  to  Linux?  Linux  servers  typically  provide  equiva¬ 
lent  services  to  Windows  servers  at  a  lower  processor  uti¬ 
lization,  which  means  that  a  single  physical  server  running 
Linux  can  consolidate  more  server  instances  than  the 
same  hardware  running  Windows.  What  if  you  consolidat¬ 
ed  five  servers  instead  of  four?  That  could  save  20%  on 
your  energy  costs! 

But  there  will  be  other  issues  to  worry  about.  Over  the 
last  six  years  the  number  of  major  hurricanes  has  more 
than  doubled,  and  this  year  we’re  seeing  twice  as  many 
tornadoes  compared  with  the  10-year  and  30-year  aver¬ 
ages.  Add  to  that  ocean  levels  possibly  rising  10  inches  by 
2050  and  disaster  preparedness  takes  on  a  new  dimension. 

Still  doubt  global  warming  is  real?  If  the  president  finally 
accepts  it  then  maybe  it’s  time  to  start  planning  what 
you’re  going  to  do,  because  the  consequences  are  starting 
to  become  apparent  and  can  only  get  worse. 

Give  me  a  reality  check  on  Gibbsblog  or  to 
backspin  @gibbs.  com. 
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More  Google  Trends:  And  the  answer  is  . . . 


Paul  McNamara 


So  why,  as  asked  here  last  week,  does  Google  beat 
pom  but  not  sex  orYahoo? 

The  apparent  answer  in  a  word:  navigation. 

There  are  other  answers  that  would  work,  too  —  convenience,  clueless  bumbling, 
laziness  —  but  the  consensus  reason  for  why  search  engine  names  Google,  MSN 
and  especially  Yahoo  outrank  most  any  other  search  terms  on  GoogleTrends  is  that 
a  boatload  of  people  use  the  search  box  instead  of  their  browser's  address  bar  to 
navigate  from  where  they  are  to  where  they  want  to  go. . . .  Go  figure. 

We're  using  the  weasel  word  “apparent"  to  describe  this  answer  because  it  comes 
not  from  Google  but  a  clear  majority  of  opinions  offered  by  dozens  of  readers 
worldwide  —  with  Australia,  Israel  and  Pakistan  among  the  foreign  locales  repre¬ 
sented.  Google’s  explanation  for  the  phenomenon  was  that  there  is  no  phenomenon, 
merely  an  overriding  interest  in  all  things  Google.  (It  stands  to  reason  that  there  are 
people  within  the  company  who  better  understand  what's  going  on  here,  but  getting 
useful  information  out  of  Google  is  like  wringing  blood  from  a  search  engine.) 

Let's  hear  from  some  of  those  who  responded  to  last  week’s  question: 

“Here  is  the  utterly  simple  explanation  as  to  why  Yahoo  appears  to  be  so  popular," 

writes  Cody  Frisch.  “Set  Google  to  your  home  page;  notice  the  cur-  _ 

sor  does  not  default  to  the  address  bar  but  rather  the  entry  in 
Google.  Now  type  in  Yahoo  and  click  'I’m  feeling  lucky,'  and  you  go 
straight  to  the  Yahoo  home  page. . .  .Why  do  I  know  this?  I  watch  my 
father,  day  in  and  day  out,  enter  URLs  into  the  Google  search  box 
and  search  them  —  and  then  click  the  link.  Despite  my  urging  him  to 
use  the  address  bar  it  makes  no  difference.  So  the  prevalence  of 
Yahoo  in  GoogleTrends  is  simply  a  matter  of  slight  computer  illitera¬ 
cy  on  the  part  of  millions  of  people  daily  searching  for  URLs  instead 
of  using  the  address  bar." 

Joseph  Daniels  seconds  the  notion,  while  also  addressing  another 
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McNamara's  online  archive: 

www.nwdocfinder.com/1032 
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piece  of  the  puzzle,  namely  why  the  word  Google  itself  ranks  so  prominently: 
"Google  search  is  an  easy,  fast  and  reliable  way  to  get  to  Yahoo's  page.  Or,  if  you're 
using  a  Google  search  box  built  into  the  browser,  it’s  even  a  fast  way  to  get  to 
Google’s  own  page.  You  type  in  one  word  and  click  twice.  People  know  this  and  use 
it.  Bookmarks  are  faster,  sure,  but  they're  not  perfect.  A  lot  of  people  don't,  can't  or 
couldn’t  be  bothered  to  organize  and  use  them.” 

Idan  inTel-Aviv  believes  that  Google  deserves  a  slice  of  the  credit  here,  even  if  it 
hasn't  exactly  been  forthcoming  in  explaining  why:  “Google's  search  algorithms  are 
frighteningly  good.  So  much  so,  that  nowadays  even  ‘bad’  queries  with  a  combination 
of  very  general  terms  will  often  find  you  precisely  what  you’re  looking  for,  without  need 
to  refine  your  query.  The  effect  of  this  is  that  even  savvy  searchers  often  start  with  an 
‘I'm  Feeling  Lucky'  approach;  enter  their  first  guess  at  how  to  search  for  something, 
and  find  what  they  want.  No  need  to  get  creative  with  search  refinements  anymore.” 

Ken  Bliss  puts  a  finer  point  on  it  all:  "Us  darn  humans  just  can’t  figure  out  how  to 
use  simple  computers,  because  it  is  not  simple." 

Now  that  we  have  that  settled  —  apparently  —  there  was  another  contribution 
from  an  anonymous  reader  that  deserves  mention.  In  the  original  piece,  we  posited 

_  that  the  word  Yahoo  was  “the  undefeated  heavyweight  champ  of 

search  terms,"  because  it  outpaced  anything  else  we  typed  into 
GoogleTrends.  Well,  as  Howard  Cosell  might  have  called  it,  "Down 
goes  Yahoo!  Down  goes  Yahoo!” 

"Just  try  checking  GoogleTrends  on  ‘download’  and  ‘free’ . . .  they 
beat  sex,  Yahoo  and  whatnot  by  far,"  offers  the  reader.  "That  says 
something  about  search-engine  users." 

It  says  they’re  a  bunch  of  freebie  junkies,  many  of  whom  can’t  find 
their  address  bar  with  both  hands. 


Alternative  theories  still  welcome.  Buzz@nww.com  is  the  address. 


A  Stock  Market  Processing  300  Million  Transactions  a  Day. 

Running  on  Microsoft  SQL  Server  2005. 
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NASDAQ,  the  largest  U.S.  electronic  stock  market,  lists  companies  from  37  countries. 
Their  crucial  trading  and  messaging  systems  use  SQL  Server™  2005  to  handle  up  to 
64,000  transactions  per  second  with  99.999%  uptime.*  See  how  at  microsoft.com/bigdata 
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Nokia  for 
Business 


Nokia  IP390 


Nokia  IP560 


•  High  port  density 

•  Multi-Gigabit  ethjernet  performance 

•  Low  form  factor 

•  Integrates  Check  Point  VPN-1  Power 
and  VPN-1  UTM  j  '  : 

•  Leading  price/performance  in  category 


Check  Point,  mate 


In  today’s  fast-paced  business  environment,  a 
threat  can  come  at  any  moment.  Thanks  to  new 
high-performance  IP  Firewall  appliances  from 
j  Nokia,  you  are  always  prepared.  Hardened  at  the 
core  by  category-leadjng  Check  Point  software;  and 
[  boasting  highly  competitive  price  and  performance 
|  points,  they’ll  keep  your  data  center  running— 
securely  and  efficiently.  Make  your  move  at 
nokiaforbusiness.com/secure 

Work  together.  Smarter.  |  Nokiaforbusiness.com/secure 


Check  Point 

SOFTWARE  TECHNOLOGIES  LTD. 


IMOKIA 

Connecting  People 


